Technical Information
- <SYSTEM32>\tasks\active
- C:\users\public\pictures\17522\act.exe
- C:\users\public\videos\dangtalk.exe
- C:\users\public\pictures\17522\ttvip.exe
- C:\users\public\pictures\17522\libcef.dll
- from C:\users\public\pictures\17522\act.exe to %TEMP%\979187\....\temporaryfile
- from <Full path to file> to %TEMP%\_@f46c.tmp
- '1.###egraah.com':82
- '2h#.##legramh.net':1001
- http://1.####graah.com:82/bak/act.ocx via 1.###egraah.com
- http://1.####graah.com:82/bak/2h.ocx via 1.###egraah.com
- http://1.####graah.com:82/bak/aa.ocx via 1.###egraah.com
- http://1.####graah.com:82/bak/libcef.dll via 1.###egraah.com
- DNS ASK 1.###egraah.com
- DNS ASK 2h#.##legramh.net
- 'C:\users\public\pictures\17522\act.exe' 6 23321 fds01234fs56789123afds
- 'C:\users\public\videos\dangtalk.exe'
- 'C:\users\public\pictures\17522\act.exe' 6 23321 fds01234fs56789123afds (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONLOGON /TN active /F /RL HIGHEST /TR C:\Users\Public\Pictures\17522\ttvip.exe (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONLOGON /TN active /F /RL HIGHEST /TR C:\Users\Public\Pictures\17522\ttvip.exe