Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\run.vbs
- C:\users\public\oap\dd.exe
- C:\users\public\oap\run.vbs
- C:\users\public\hex.ps1
- C:\users\public\hex.vbs
- http://www.we###devs.net/Assets/softwaredetails.txt
- DNS ASK ar##ive.org
- DNS ASK we###devs.net
- DNS ASK ia#####6.us.archive.org
- DNS ASK we####evs.netassets
- 'C:\users\public\oap\dd.exe'
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\OAP\run.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\Hex.ps1
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\Hex.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nologo -ExecutionPolicy Unrestricted -File C:\Users\Public\Hex.ps1' (with hidden window)