Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- <SYSTEM32>\tasks\microsoftedgeupdatetaskmachineus
Modifies file system
Creates the following files
- %HOMEPATH%\pictures\desktop.ini:coll9
- %HOMEPATH%\pictures\desktop.ini:arqwc
- %HOMEPATH%\pictures\desktop.ini:mosz1
Network activity
Connects to
- 'me############led-directly-vid.trycloudflare.com':443
- 'pk#.goog':80
TCP
HTTP GET requests
- http://pk#.goog/gsr1/gsr1.crt
Other
- 'me############led-directly-vid.trycloudflare.com':443
UDP
- DNS ASK me############led-directly-vid.trycloudflare.com
- DNS ASK pk#.goog
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Pictures\desktop.ini:colL9" //b //e:::vbscript /adr/adradre //e:vbscript //b //e:vbscript /adr/ico/kye
Executes the following
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Pictures\desktop.ini:colL9" //b //e:::vbscript /adr/adradre //e:vbscript //b //e:vbscript /adr/ico/kye' (with hidden window)
