Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,"<SYSTEM32>\clientmon.exe"'
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "Javac" /rl highest /tr "'\578266\Javax.exe' /startup" /f
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\clientmon.exe
- C:\578266\Javax.exe
- C:\09ee6122e4982336748d80ef3dc4142928f57aef
- from <Full path to file> to %TEMP%\7366
- 'sh####mekz.ddns.net':1559
- DNS ASK sh####mekz.ddns.net