Technical Information
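- <SYSTEM32>\tasks\3mavnlwhf4kb7r3wv7 (Task Scheduler definition file; its name matches the /TN value of the schtasks command listed below)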
- '%WINDIR%\syswow64\taskkill.exe' /im <File name>.exe /f
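- %ALLUSERSPROFILE%\{uhcfxl34-1dxz-0hxn-k13hj4zhgjpp}\iexplore.exe (dropped executable; the file name appears to imitate the Internet Explorer binary, but this is not the Internet Explorer installation directory)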
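- 'si######gion.duckdns.org':80 (part of the host name appears to be masked with '#' in this report, so the string cannot be used as an exact-match indicator; duckdns.org is a dynamic-DNS service)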
- http://si######gion.duckdns.org/gate/connection.php
- http://si######gion.duckdns.org/gate/create.php
- http://si######gion.duckdns.org/gate/config.php
- http://si######gion.duckdns.org/gate/update.php
- '34.##9.100.209':443
- DNS ASK si######gion.duckdns.org
- ClassName: '' WindowName: ''
- '%ALLUSERSPROFILE%\{uhcfxl34-1dxz-0hxn-k13hj4zhgjpp}\iexplore.exe'
- '%ALLUSERSPROFILE%\{uhcfxl34-1dxz-0hxn-k13hj4zhgjpp}\iexplore.exe' (with hidden window)
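- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "3MAVNLWHF4KB7R3WV7" /TR "%ALLUSERSPROFILE%\{UHCFXL34-1DXZ-0HXN-K13HJ4ZHGJPP}\iexplore.exe" /F (with hidden window; registers a scheduled task that runs the dropped executable every 15 minutes, and /F replaces any existing task with the same name)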
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im <File name>.exe /f & erase nh & exit (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "3MAVNLWHF4KB7R3WV7" /TR "%ALLUSERSPROFILE%\{UHCFXL34-1DXZ-0HXN-K13HJ4ZHGJPP}\iexplore.exe" /F
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im <File name>.exe /f & erase nh & exit