Technical Information
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\xshcs.exe
- 'uc#############673a94e1481a8.dl.dropboxusercontent.com':443
- 'no#####1881.duckdns.org':1313
- DNS ASK uc#############673a94e1481a8.dl.dropboxusercontent.com
- DNS ASK no#####1881.duckdns.org
- '%TEMP%\xshcs.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\
- '%WINDIR%\syswow64\cmd.exe'