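Technical Information
Note: the entries below are file paths, network endpoints and command lines listed for this sample; the section labels that would group them are not shown. Hostnames are partially masked with '#', so they cannot be used verbatim as indicators. The schtasks command line registers a task named "Nano" that runs %APPDATA%\AppData\AppData.exe every 10 minutes, which appears to correspond to the <SYSTEM32>\tasks\nano entry.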
- <SYSTEM32>\tasks\nano
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\invoice.pdf
- %APPDATA%\appdata\appdata.exe
- %LOCALAPPDATA%\adobe\color\profiles\wscrgb.icc
- %LOCALAPPDATA%\adobe\color\profiles\wsrgb.icc
- %LOCALAPPDATA%\adobe\color\acecache11.lst
- %TEMP%\a9r1sf54kf_16lbnq8_2d8.tmp
- 'al######spamlamu.con-ip.com':2404
- 'ge###ugin.net':80
- http://ge###ugin.net/json.gp
- 'al######spamlamu.con-ip.com':2404
- DNS ASK al######spamlamu.con-ip.com
- DNS ASK ge###ugin.net
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'
- '%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\acrord32.exe' "%TEMP%\invoice.pdf"
- '%WINDIR%\syswow64\cmd.exe' /c mkdir "%APPDATA%\AppData"
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /sc minute /mo 10 /tn "Nano" /tr "'%APPDATA%\AppData\AppData.exe'" /f
- '%WINDIR%\syswow64\cmd.exe' /c copy "<Full path to file>" "%APPDATA%\AppData\AppData.exe"
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 10 /tn "Nano" /tr "'%APPDATA%\AppData\AppData.exe'" /f