Technical Information
- <SYSTEM32>\svchost.exe
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %APPDATA%\BAEXCJT\BAEXCJT.exe
- %APPDATA%\BAEXCJT\axxxxx.xml
- %TEMP%\%USERNAME%2.txt
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%7
- %APPDATA%\BAEXCJT\axxxxx.xml
- %TEMP%\%USERNAME%2.txt
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- 'do####u.mooo.com':2018
- DNS ASK do####u.mooo.com
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "BAEXCJT\BAEXCJT" /XML "%APPDATA%\BAEXCJT\axxxxx.xml"