Technical Information
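- %APPDATA%\microsoft\windows\start menu\programs\startup\dwm.exe (located in the per-user Startup folder, so it runs at every logon; the genuine Windows dwm.exe resides in %WINDIR%\System32)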
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE (adds a Windows Firewall allowed-program entry for RegAsm.exe)
- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe
- %TEMP%\file.jpg
- %TEMP%\agdfdffdffhit.bat
- %TEMP%\thfdsfnewstrar.bat
- 'my#####k444.duckdns.org':4444
- DNS ASK my#####k444.duckdns.org
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\agdfdffdffhit.bat (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\thfdsfnewstrar.bat (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\agdfdffdffhit.bat
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\thfdsfnewstrar.bat
- '%WINDIR%\syswow64\timeout.exe' /t 300