Technical Information
- 'no#####hoanggiatn.com':80
- http://no#####hoanggiatn.com/loader/uploads/noicon_Wtebgjvy.png
- DNS ASK no#####hoanggiatn.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAANQAwAA==' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-Date
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAANQAwAA==