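Technical Information
(The sub-headings of this list appear to be missing. In order, the entries are: one registry autorun value, file paths (several of them listed twice), one DNS query, and process command lines.)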
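- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Task Manager' = '%APPDATA%\Windows Task Manager\taskmgr.exe' (per-user autorun value; the genuine Windows taskmgr.exe resides under %WINDIR%\System32, not %APPDATA%)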
- %TEMP%\ajses.txt
- %TEMP%\ajses.bat
- %APPDATA%\windows task manager\taskmgr.txt
- %APPDATA%\windows task manager\taskmgr.exe
- %APPDATA%\bin.txt
- %TEMP%\ajses.txt
- %TEMP%\ajses.bat
- %APPDATA%\windows task manager\taskmgr.txt
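- DNS ASK so#####e69.no-ip.org (DNS query; the '#' characters appear to be the publisher's masking, so the hostname as printed is not usable as an exact-match indicator)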
- '%APPDATA%\windows task manager\taskmgr.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\AJSes.bat" "' (with hidden window)
- '%APPDATA%\windows task manager\taskmgr.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\AJSes.bat" "
- '%WINDIR%\syswow64\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Task Manager" /t REG_SZ /d "%APPDATA%\Windows Task Manager\taskmgr.exe" /f
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe' "%APPDATA%\Windows Task Manager\taskmgr.exe"