Technical Information
- %WINDIR%\syswow64\rundll32.exe
- %TEMP%\~28722.tmp
- %TEMP%\~28722.tmp
- 'ho####enpost.org':80
- http://ho####enpost.org/uploads/f0f3ff4aed6d77dcc2a4aa3789ebc862.png
- DNS ASK h1######.stratoserver.net
- DNS ASK ho####enpost.org
- '%WINDIR%\syswow64\cmd.exe' /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' shell32.dll,Control_RunDLL
- '%WINDIR%\syswow64\cmd.exe' /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "<Full path to file>"
- '%WINDIR%\syswow64\systeminfo.exe'