Technical Information
- <SYSTEM32>\tasks\seleonjyqz
- %APPDATA%\seleonjyqz
- DNS ASK pa##e.ee
- '%APPDATA%\seleonjyqz'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn SELeONJyQZ /tr %APPDATA%\SELeONJyQZ' (with hidden window)
- '%APPDATA%\seleonjyqz' ' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn SELeONJyQZ /tr %APPDATA%\SELeONJyQZ
- '<SYSTEM32>\taskeng.exe' {76B2E8C2-9338-4E53-89EB-DBB4BA7A5023} S-1-5-21-1960123792-2022915161-3775307078-1001:hdzphlrr\user:Interactive:[1]