Technical Information
- <File name>.exe
- %TEMP%\<File name>.exe
- '18#.#63.45.70':80
- '18#.#63.204.22':80
- '17#.#2.113.205':80
- http://17#.#2.113.205/balaz009
- '%TEMP%\<File name>.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwAA==' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwAA==