Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\google\chrome.exe
- <File name>.exe
- %TEMP%\_ysjcqnlggbbzhcwmia.vbs
- %TEMP%\<File name>.exe
- 'se####.twitter.com':80
- '<LOCALNET>.208.131':7127
- http://se####.twitter.com/search.atom?&q######
- DNS ASK se####.twitter.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\_Ysjcqnlggbbzhcwmia.vbs"
- '%TEMP%\<File name>.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Microsoft\Windows\Start Menu\Programs\Google\Chrome.exe'' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%APPDATA%\Microsoft\Windows\Start Menu\Programs\Google\Chrome.exe'