Technical Information
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -Force -ExclusionPath "'C:\'"
- %TEMP%\is-v2uur.tmp\<File name>.tmp
- %TEMP%\is-avs6m.tmp\_isetup\_setup64.tmp
- %TEMP%\is-avs6m.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-avs6m.tmp\idp.dll
- %TEMP%\is-avs6m.tmp\1.exe
- 'im#####lestorage.top':80
- http://im#####lestorage.top/data/5637482599/1.exe
- http://im#####lestorage.top/data/5637482599/my.exe
- DNS ASK im#####lestorage.top
- '%TEMP%\is-v2uur.tmp\<File name>.tmp' /SL5="$A0250,230458,140800,<Full path to file>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -Force -ExclusionPath "'C:\'"' (with hidden window)