Technical Information
- %TEMP%\me.bat
- %TEMP%\b5e6.tmp.zip
- %TEMP%\b5e7.tmp.vbs
- %TEMP%\image.jpg
- %TEMP%\dd07.tmp.jpg
- <Current directory>\me.bat
- %TEMP%\b5e7.tmp.vbs
- %TEMP%\b5e6.tmp.zip
- %TEMP%\me.bat
- http://ke######le.atwebpages.com/keep/img.jpag
- DNS ASK google.com
- DNS ASK ke######le.atwebpages.com
- '%WINDIR%\syswow64\cscript.exe' //nologo "%TEMP%\B5E7.tmp.vbs"
- '%TEMP%\image.jpg' "%TEMP%\DD07.tmp.jpg" "%TEMP%\\image.jpg"
- '%TEMP%\dd07.tmp.jpg'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\me.bat""
- '%WINDIR%\syswow64\timeout.exe' 10