Technical Information
- %WINDIR%\syswow64\colorcpl.exe
- '20#.#67.64.122':80
- http://20#.#67.64.122/Vcgkusne_Rhxolbsd.jpg
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA== (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==
- '%WINDIR%\syswow64\colorcpl.exe'