Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Xdrqps' = '"%APPDATA%\TXSqxhf\Xdrqps.exe"'
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %APPDATA%\txsqxhf\xdrqps.exe
- '92.##.102.95':80
- http://92.##.102.95/loader/uploads/@scrappss_Fbqngllp.jpg
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgAxAA== (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgAxAA==
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'