Technical Information
- <SYSTEM32>\tasks\hich oftedgeupdate
- C:\users\public\hich.ps1
- C:\users\public\hich.bat
- C:\users\public\hich.vbs
- '18#.#1.157.103':80
- http://18#.#1.157.103/96/2.vbs
- http://18#.#1.157.103/96/1.txt
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\hich.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\hich.ps1'"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' iex('(&aUTSRQPONï¼ВLKJIHZYXWVGFEhUTSRQPONï¼... (with hidden window)
- '<SYSTEM32>\wscript.exe' "C:\Users\Public\hich.vbs" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\hich.bat" " (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' iex('(&aUTSRQPONï¼ВLKJIHZYXWVGFEhUTSRQPONï¼...
- '<SYSTEM32>\taskeng.exe' {76A27ABB-6FEF-41CC-8EA9-9392A80A4FF7} S-1-5-21-1238866942-1249195528-555854008-1000:mjzdeq\user:Interactive:[1]
- '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\hich.bat" "