Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "& 'C:\Users\Public\Videos\PkK.Hta'
- '%WINDIR%\syswow64\mshta.exe' "C:\Users\Public\Videos\PkK.Hta"
- C:\users\public\videos\pkk.hta
- 't3######aua.vizuegub.life':80
- http://t3######aua.vizuegub.life/?1/
- DNS ASK t3######aua.vizuegub.life
- '<SYSTEM32>\cmd.exe' /S /D /c" sEt/p DXOV="%UWTE:5zX=%%R7B:HANKZ=/%" 0<nul 1>%WAGC%%BDI%ta"