Technical Information
- <SYSTEM32>\tasks\task5h3dku8
- C:\users\public\winlogon.exe
- C:\users\public\g4h5j2.bat
- C:\users\public\stsk.exe
- C:\users\public\studio.exe
- %PROGRAMDATA%\قا嗶δηнг.exe
- C:\users\public\stsk.exe
- http://64.##8.27.162/PjiE5Tg6
- http://mi###crop.space/tempik/aboutBut.php
- http://mi###crop.space/Pan/dbloader.php/?fu################################################################
- DNS ASK mi###crop.space
- 'C:\users\public\winlogon.exe'
- 'C:\users\public\stsk.exe' /create /tn "Task5H3DKU8" /tr C:\Users\Public\winlogon.exe /sc onlogon
- 'C:\users\public\studio.exe'
- '%PROGRAMDATA%\قا嗶δηнг.exe'
- '%PROGRAMDATA%\قا嗶δηнг.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\g4h5j2.bat
- '%WINDIR%\syswow64\cmd.exe' /C choice /C Y /N /D Y /T 5 & Del "<Full path to file>" & Del C:\Users\Public\tmpdir\tmpd.bat & Del C:\Users\Public\tmpdir\tmps.bat & Del C:\Users\Public\tmp.bat & Del C:\Users\Public\g4h5j2.ba...
- '%WINDIR%\syswow64\choice.exe' /C Y /N /D Y /T 5