[DesktopECHO]

Funny you mention it, as it also had ADUPS. By itself, I can deal with that.

Actually it more resembles the CopyCat malware. My challenge is finding the hook in system_server that downloads the payload from C2.

* https://www.checkpoint.com/downloads/resources/copycat-resea...