Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\cmd.exe /c "%TEMP%\s.cmd"
Modifies file system:
Creates the following files:
- %TEMP%\s.cmd
- %TEMP%\nrnxryi
- %TEMP%\aut1.tmp
Deletes the following files:
- %TEMP%\s.cmd
- %TEMP%\nrnxryi
- %TEMP%\aut1.tmp
Deletes itself.