Technical Information
- <SYSTEM32>\tasks\terminating
- '25####b8.nat123.fun':801
- DNS ASK 25####b8.nat123.fun
- '%WINDIR%\syswow64\cmd.exe' /c move /y "" "%HOMEPATH%\Desktop\111" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c attrib %HOMEPATH%\Desktop\111\12.exe +h +s (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c move /y "" "%HOMEPATH%\Desktop\111"
- '%WINDIR%\syswow64\cmd.exe' /c attrib %HOMEPATH%\Desktop\111\12.exe +h +s
- '%WINDIR%\syswow64\attrib.exe' %HOMEPATH%\Desktop\111\12.exe +h +s