Technical Information
- https://www63.zippyshare.com/d/ki3odfqk/30905/server.exe as %temp%\example.exe
- %TEMP%\1257.tmp\pqcalhww.bat
- DNS ASK ww###.#ippyshare.com
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1257.tmp\PQCALHwW.bat" "<Full path to file>""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1257.tmp\PQCALHwW.bat" "<Full path to file>""