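Technical Information
The entries below are behavioral indicators in three forms: command lines (a quoted executable path followed by its arguments), file-system paths, and window ClassName/WindowName pairs. The list does not say whether each path was created, modified or deleted. The wallpaper value written by reg.exe points to %HOMEPATH%\risi.bmp, while the image listed among the paths is %TEMP%\risi.jpg; treat the two as separate indicators.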
- '<SYSTEM32>\taskkill.exe' /f /im spotify.exe
- %TEMP%\disable taskmgr.bat
- %TEMP%\song.mp3
- %TEMP%\error.mp3
- %TEMP%\voice.vbs
- %TEMP%\music.vbs
- %TEMP%\msg.vbs
- %TEMP%\invisible.vbs
- %TEMP%\error.vbs
- %TEMP%\enter.vbs
- %TEMP%\disk.vbs
- %TEMP%\disco.vbs
- %TEMP%\show.exe
- %TEMP%\melter.exe
- %TEMP%\hide.exe
- %TEMP%\Anti Malware.exe
- %TEMP%\run.bat
- %TEMP%\Hidden.bat
- %TEMP%\enable taskmgr.bat
- %TEMP%\risi.jpg
- %APPDATA%\Microsoft\Speech\Files\UserLexicons\SP_5D277F1255C34EEEBCA7FF120F25BAEA.dat
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'CicLoaderWndClass' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\voice.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\run.bat" "
- '<SYSTEM32>\wscript.exe' "invisible.vbs" "Hidden.bat"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Hidden.bat" "
- '<SYSTEM32>\reg.exe' add "HKCU\Control Panel\Desktop" /V Wallpaper /F /T REG_SZ /D "%HOMEPATH%\risi.bmp"
- '<SYSTEM32>\rundll32.exe' user32.dll, UpdatePerUserSystemParameters