Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\onceupdate.exe
- chrome update.exe
- %TEMP%\chrome update.exe
- %TEMP%\anakin.exe
- 'ki####ing1.ddns.net':1199
- DNS ASK ki####ing1.ddns.net
- '%TEMP%\chrome update.exe'
- '%TEMP%\anakin.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -command Copy-Item '%TEMP%\Chrome Update.exe' '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\OnceUpdate.exe'