Technical Information
- regasm.exe
- %TEMP%\7zipsfx.000\pel.aifc
- %TEMP%\7zipsfx.000\quando.aifc
- %TEMP%\7zipsfx.000\senza.aifc
- %TEMP%\7zipsfx.000\tuo.aifc
- %TEMP%\7zipsfx.000\ritorna.exe.com
- %TEMP%\7zipsfx.000\r
- %TEMP%\7zipsfx.000\regasm.exe
- %TEMP%\7zipsfx.000\r
- %TEMP%\7zipsfx.000\tuo.aifc
- %TEMP%\7zipsfx.000\pel.aifc
- %TEMP%\7zipsfx.000\quando.aifc
- %TEMP%\7zipsfx.000\regasm.exe
- 'ly###usahe.xyz':80
- http://ly###usahe.xyz//
- DNS ASK sq#######RAMHD.sqfcxSDOMRAMHD
- DNS ASK ly###usahe.xyz
- '%TEMP%\7zipsfx.000\ritorna.exe.com' r
- '%TEMP%\7zipsfx.000\regasm.exe'
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\cmd < Pel.aifc (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\cmd < Pel.aifc
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\findstr.exe' /V /R "^xANLNDneptSvWQLRucpkNoscTMnXkKgBlRFSvxmlYmVbgwzMrDUnFLUkoaRwtAQmPdktkTcMWZhhhUiSaMUHPPWnWzJrCbybJvHXPfApooCFnHYgkZJaGoJqzNiSls$" Senza.aifc
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 30