Technical Information
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\explorer" /XML "%TEMP%\z927"
- %APPDATA%\Monitor\Screenshots\03-22-2017\3.54 PM
- %TEMP%\z927
- %APPDATA%\explorer.exe
- %TEMP%\z927
- 'sl#####.bounceme.net':19841
- 'sa####ion.noip.me':19841
- DNS ASK sl#####.bounceme.net
- DNS ASK sa####ion.noip.me