Technical Information
- http://re###-edi.xyz/remit/edi.js as .\mshta.js
- %TEMP%\7zipsfx.000\eternal.bat
- 're###-edi.xyz':80
- 're###-edi.xyz':443
- DNS ASK re###-edi.xyz
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\eternal.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7ZipSfx.000\eternal.bat" "