Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe, %APPDATA%\d96232e0\eudcedit.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\d96232e0\eudcedit.exe
- %APPDATA%\Explorer\aCCCCC.xml
- %APPDATA%\Explorer\Example.exe
- %APPDATA%\Explorer\aCCCCC.xml
- 'mo###ohash.com':3333
- DNS ASK mo###ohash.com
- '<SYSTEM32>\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "Explorer\Explorer" /XML "%APPDATA%\Explorer\aCCCCC.xml"