Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Bojanern6' = '%TEMP%\matro\quackismc.vbs'
- quackismc.exe
- %TEMP%\matro\quackismc.exe
- %TEMP%\matro\quackismc.vbs
- 'on####ve.live.com':443
- 'ap####.#m.files.1drv.com':443
- 'na####re.ddns.net':4880
- DNS ASK on####ve.live.com
- DNS ASK ap####.#m.files.1drv.com
- DNS ASK na####re.ddns.net
- '%TEMP%\matro\quackismc.exe'