Technical Information
- <Full path to file>
- <File name>.exe
- %TEMP%\797582.js
- 'el######r789.duckdns.org':9417
- DNS ASK el######r789.duckdns.org
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\797582.js"
- '%WINDIR%\syswow64\cmd.exe' /c timeout 5 & powershell -command Start-Process -WindowStyle hidden -FilePath '%TEMP%\\797582.js'; Start-Sleep -s 5; Start-Process -WindowStyle hidden -FilePath '%APPDATA%\Microsoft\Windows\St...' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\797582.js" (with hidden window)
- '%APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 5 & powershell -command Start-Process -WindowStyle hidden -FilePath '%TEMP%\\797582.js'; Start-Sleep -s 5; Start-Process -WindowStyle hidden -FilePath '%APPDATA%\Microsoft\Windows\St...
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Start-Process -WindowStyle hidden -FilePath '%TEMP%\\797582.js'; Start-Sleep -s 5; Start-Process -WindowStyle hidden -FilePath '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\...