Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\windir\temp.exe
- hidden files
- 'ce######rial.duckdns.org':1700
- DNS ASK ce######rial.duckdns.org
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ping 0 -n 2 & del "<Full path to file>"' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath '"<Full path to file>"'
- '<SYSTEM32>\schtasks.exe' /Delete /tn NYAN /F
- '<SYSTEM32>\cmd.exe' /c ping 0 -n 2 & del "<Full path to file>"
- '<SYSTEM32>\ping.exe' 0 -n 2