Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\fwenzn\aimvvmkdck.exe
- %ALLUSERSPROFILE%\remcos\logs.dat
- DNS ASK ma#####ryousaf.ddns.net
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMwA1AA== (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-Date
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMwA1AA==