As time goes by, malware writers invent new methods to bypass security products. During our research, we came across an attack targeting Windows servers in APAC and revealed the attackers infrastructure, where we observed the uploading of sensitive data, such as Windows login credentials, OS version and IP addresses (internal and external) from between 3-10 different victims each second.