Technical Information
- %WINDIR%\syswow64\ipconfig.exe
- 'ho####hsewinqsk.com':80
- http://ho####hsewinqsk.com/DHL_SHIPMENT_Qehdgrgm.bmp
- DNS ASK ho####hsewinqsk.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgAwAA== (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgAwAA==
- '%WINDIR%\syswow64\ipconfig.exe'