Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "& 'C:\Users\Public\Videos\tKS.Hta'
- '%WINDIR%\syswow64\mshta.exe' "C:\Users\Public\Videos\tKS.Hta"
- C:\users\public\videos\tks.hta
- '11####.yvfg82l5n.top':80
- 'cl###flare.com':443
- 'microsoft.com':80
- http://11####.yvfg82l5n.top/?1/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'cl###flare.com':443
- DNS ASK 11####.yvfg82l5n.top
- DNS ASK cl###flare.com
- DNS ASK microsoft.com
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p 7ZGV="%EHAF:Xks=%%UE9:IAHEG=/%" 0<nul 1>%INBT%%ONY%ta"