Technical Information
- '%WINDIR%\explorer.exe' /c, C:\Users\Public\Documents\Lzd79Lc.js
- C:\users\public\documents\lzd79lc.js
- nul
- http://af#######39.hotelriver.monster/?1/
- DNS ASK af#######39.hotelriver.monster
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Documents\Lzd79Lc.js"
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Documents\Lzd79Lc.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p s4lkWFm="%RBS:IVYO=%%vr2gaIr:1NGJH=/%" 0<nul 1>C:\Users\Public\Documents\Lzd79Lc%VIR%s"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /S /D /c" cd %WINDIR% 1>nul"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo exPlOreR /c, C:\Users\Public\Documents\Lzd79Lc%VIR%s"
- '<SYSTEM32>\cmd.exe'