Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\testo.lnk
- %PROGRAMDATA%\ctest.ps1
- 'la####e2.hopto.org':20000
- DNS ASK la####e2.hopto.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noprofile -executionpolicy bypass %PROGRAMDATA%\CTest.ps1
- '<SYSTEM32>\cmd.exe' /c attrib +S +H <PATH_SAMPLE>.vbs (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noprofile -executionpolicy bypass %PROGRAMDATA%\CTest.ps1 (with hidden window)
- '<SYSTEM32>\cmd.exe' /c attrib +S +H <PATH_SAMPLE>.vbs
- '<SYSTEM32>\attrib.exe' +S +H <PATH_SAMPLE>.vbs
- '<SYSTEM32>\wbem\wmic.exe' PATH Win32_videocontroller GET name