Technical Information
- Autorun entry (executed at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'value' = '%APPDATA%\Media\KingSoft.exe'
- %TEMP%\processinfo.tmp
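- %TEMP%\edge810011.tmp (the file to which the tasklist, ipconfig, netstat and netsh commands listed below append their output)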
- %TEMP%\processinfo.tmp
- Moved or copied from <Full path to file> to %APPDATA%\media\kingsoft.exe (the same path the Run value above points to)
- Network endpoint: '62.##.207.32':443 (one octet is masked in this listing)
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\Media\KingSoft.exe & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c tasklist /V >>%TEMP%\edgE810011.tmp && ipconfig /all >>%TEMP%\edgE810011.tmp && netstat -ano >>%TEMP%\edgE810011.tmp&& ipconfig >>%TEMP%\edgE810011.tmp&& netsh wlan show networks mode=Bssi...' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %APPDATA%\Media\KingSoft.exe & exit
- '%WINDIR%\syswow64\cmd.exe' /c tasklist /V >>%TEMP%\edgE810011.tmp && ipconfig /all >>%TEMP%\edgE810011.tmp && netstat -ano >>%TEMP%\edgE810011.tmp&& ipconfig >>%TEMP%\edgE810011.tmp&& netsh wlan show networks mode=Bssi...
- '%WINDIR%\syswow64\tasklist.exe' /V
- '%WINDIR%\syswow64\ipconfig.exe' /all
- '%WINDIR%\syswow64\netstat.exe' -ano
- '%WINDIR%\syswow64\ipconfig.exe'
- '%WINDIR%\syswow64\netsh.exe' wlan show networks mode=Bssid