Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\iwqbjcpoqk\spgzvr.exe
- 'mi####-dolowacki.pl':80
- http://mi####-dolowacki.pl/inc/tpls/panel/uploads/Cxqftreto.dll
- DNS ASK mi####-dolowacki.pl
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA== (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==