Technical Information
Modifies file system
Creates the following files
- <Current directory>\10.0.90.21.logs
Deletes the following files
- <Current directory>\10.0.90.21.logs
Deletes itself.
Network activity
Connects to
- '<LOCALNET>.9.168':445
- '<LOCALNET>.9.168':139
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /C reg.exe ADD HKCU\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f & reg.exe ADD HKU\.DEFAULT\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & del 10.0.90.21.*' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & sdelete -p 7 "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & Del "<Full path to file>"' (with hidden window)
Executes the following
- '<SYSTEM32>\cmd.exe' /C reg.exe ADD HKCU\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f & reg.exe ADD HKU\.DEFAULT\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' ADD HKCU\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' ADD HKU\.DEFAULT\Software\Sysinternals\Sdelete /v EulaAccepted /t REG_DWORD /d 1 /f
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & del 10.0.90.21.*
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & sdelete -p 7 "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /C ping 127.0.0.1 -n 5 -w 1000 & Del "<Full path to file>"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5 -w 1000
