Technical Information
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- 'et#####usb.duckdns.org':443
- http://et######sb.duckdns.org:443/1480313 via et#####usb.duckdns.org
- DNS ASK et#####usb.duckdns.org
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionProcess 'Software_Reporter_Tool.exe'
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "<Full path to file>"
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 3