Technical Information
- https://pivotpower24.com/btcvtr/play/sixtus.exe as %temp+%\newfile.exe
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\content.word\~wrf{a2bfce36-71c8-4ea1-9557-45aff6b54672}.tmp
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- 'pi####ower24.com':443
- DNS ASK pi####ower24.com
- '%ProgramFiles%\microsoft office\office14\excel.exe' -Embedding
- '%ProgramFiles%\microsoft office\office14\excelcnv.exe' -Embedding