Technical Information
- %TEMP%\tmp24aftmp.exe
- DNS ASK an####ndance.art
- '%TEMP%\tmp24aftmp.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Microsoft\Windows\Start Menu\Programs\Skype.exe'' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%TEMP%\_Rspvhqyp.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Microsoft\Windows\Start Menu\Programs\Skype.exe'