Technical Information
Modifies file system
Creates the following files
- <Current directory>\0d304f2f922091
- %HOMEPATH%\desktop\nnmjnmkj.log
- %HOMEPATH%\desktop\xbrzxyfr.log
- %HOMEPATH%\desktop\oiieqkkg.log
- %HOMEPATH%\desktop\hujkkgfv.log
- %HOMEPATH%\desktop\rioausad.log
- %HOMEPATH%\desktop\vuypqruo.log
- nul
- %TEMP%\ytlxde4j4u.bat
- %TEMP%\omyw4uiumd
- C:\kms\42af1c969fbb7b
- C:\kms\audiodg.exe
- C:\kms\7a0fd90576e088
- C:\kms\explorer.exe
- C:\kms\69ddcba757bf72
- C:\kms\smss.exe
- <Current directory>\0fc223bdacedc3
- <Current directory>\firefox.exe
- C:\kms\0fc223bdacedc3
- C:\kms\firefox.exe
- %TEMP%\lj25s2cp8t
- %TEMP%\x6qvrcaxdp.bat
Deletes the following files
- %TEMP%\omyw4uiumd
- %TEMP%\lj25s2cp8t
Network activity
UDP
- DNS ASK 04####cm.renyash.ru
- 'localhost':123
Miscellaneous
Creates and executes the following
- 'C:\kms\explorer.exe'
Executes the following
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\yTlXDe4J4u.bat"
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\w32tm.exe' /stripchart /computer:localhost /period:5 /dataonly /samples:2
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\x6qvRCaXDp.bat"
- '<SYSTEM32>\ping.exe' -n 10 localhost
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\kE5LbAifMs.bat"
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\wle9X4LEtL.bat"
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\yTlXDe4J4u.bat"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\x6qvRCaXDp.bat"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\kE5LbAifMs.bat"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\wle9X4LEtL.bat"' (with hidden window)
