Technical Information
- https://sped.lol/powershell/virus
- %TEMP%\ixp000.tmp\s_obf.bat
- %TEMP%\ixp000.tmp\temp.vbs
- nul
- 'sp##.lol':443
- DNS ASK sp##.lol
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IXP000.TMP\s_obf.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "s_obf.bat"
- '<SYSTEM32>\cscript.exe' //nologo temp.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IXP000.TMP\s_obf.bat" "
- '<SYSTEM32>\cmd.exe' /c dir /b
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\rundll32.exe'
- '<SYSTEM32>\mshta.exe'