Technical Information
- 'lm##.###italmoneyis.best':80
- http://lm##.###italmoneyis.best/loader/uploads/CrackedPhantomOverlay_Wirhmxzg.jpg
- DNS ASK lm##.###italmoneyis.best
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADsAIABSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEMAOgBcAG4AeQB4AHoAbQBkAFwAbwBmAGgAdgBiAHgAbABsAC4AZQB4AGUAIgAgAC0ARgBvAHIAYwBlAA==' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADsAIABSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIAAiAEMAOgBcAG4AeQB4AHoAbQBkAFwAbwBmAGgAdgBiAHgAbABsAC4AZQB4AGUAIgAgAC0ARgBvAHIAYwBlAA==