Technical Information
- <SYSTEM32>\tasks\uowtjtcespfurgcfnsogaazzx\uowtjtcespfurgcfnsogaazzx
- %TEMP%\calc.exe
- %TEMP%\la4vcel4s0w.fv
- http://ri##t.me/mes/addbot.php
- http://ri##t.me/mes/calc.exe
- DNS ASK ri##t.me
- '%TEMP%\calc.exe'
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 1 & Del "<File name>.exe" (with hidden window)
- '%TEMP%\calc.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C schtasks /create /tn \UOwtJTcESpfUrgcFnSOGAAzzx\UOwtJTcESpfUrgcFnSOGAAzzx /tr %TEMP%\calc.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 1 & Del "<File name>.exe"
- '<SYSTEM32>\schtasks.exe' /create /tn \UOwtJTcESpfUrgcFnSOGAAzzx\UOwtJTcESpfUrgcFnSOGAAzzx /tr %TEMP%\calc.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 1
- '<SYSTEM32>\taskeng.exe' {1CFD9AA1-4CAD-439B-AEDB-803C08C90544} S-1-5-21-1960123792-2022915161-3775307078-1001:usxsnf\user:Interactive:[1]