Technical Information
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Client Monitor" /rl highest /tr "'%ProgramFiles%\Client\clean.exe' /startup" /f
- <SYSTEM32>\svchost.exe
- %TEMP%\xmlrpc.php911302330.xml
- %TEMP%\GooglePlay190x66.jpg
- %TEMP%\PKimage.aspx1644909446.html
- %ProgramFiles%\Client\clean.exe
- %TEMP%\downgrade.gif
- %TEMP%\afr.php
- %TEMP%\%3C%25=urlKeyword%25%3E1520926209.html
- %TEMP%\functions.js
- %TEMP%\nsi2.tmp
- %TEMP%\gjeldsradgivning.html
- %TEMP%\readmore.min.js
- %TEMP%\veggie_tales_lightbox_bottom.png
- 'localhost':2128
- 'ss####n.duckdns.org':2128
- DNS ASK ss####n.duckdns.org
- ClassName: 'Shell_TrayWnd' WindowName: ''