Technical Information
- %WINDIR%\temp\4bvi6o.bat
- http://sm#####ducation.space/api/loader-version
- DNS ASK sm#####ducation.space
- DNS ASK ch###sharp.com
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\4bvI6O.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\temp\4bvI6O.bat" "