Technical Information
- https://www.si##ky.net/faedhhppypv8ji7sfulfhc7wcvjdhpwxufmarhsmsyz5sw as c:/users/public/anti malware.exe
- C:\users\public\ffatm3mqk3zhidnbbsfm.cmd
- C:\users\public\oaapytjy0olgpw59bicpinxmm0l9pb.vbs
- nul
- 'si##ky.net':443
- DNS ASK si##ky.net
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Progman' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\Public\oAAPytJY0OlGPW59bIcPINXMm0l9Pb.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\FfAtM3mqK3ZhIdNBbSfm.cmd" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\FfAtM3mqK3ZhIdNBbSfm.cmd" "
- '%WINDIR%\syswow64\timeout.exe' /T 15 /NOBREAK
- '%WINDIR%\syswow64\cmd.exe' /K start explorer.exe
- '%WINDIR%\syswow64\explorer.exe'