Technical Information
- [<HKLM>\System\CurrentControlSet\Services\pwrshplugin] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\pwrshplugin] 'ImagePath' = '"%WINDIR%\SysWOW64\pwrshplugin\pwrshplugin.exe"'
- from <Full path to file> to %WINDIR%\syswow64\pwrshplugin\pwrshplugin.exe
- '19#.#7.227.130':80
- http://19#.#7.227.130/JV8Pce5yTKuwr1XSs39/GWfGNWe6B7rVE8cO9/S3wwb3qV8OxF/yyZz5SxdhMvFtKC/fmXyGPYw49jzL/AW5UFeMQy/