Technical Information
Modifies file system
Creates the following files
- %PROGRAMDATA%\hp\2020\28025156.zip
- %PROGRAMDATA%\hp\2020\7\dotnetzip-jtima1cx.tmp
- %PROGRAMDATA%\hp\2020\1\dotnetzip-oczngedk.tmp
- %PROGRAMDATA%\hp\2020\2\dotnetzip-drok2i1v.tmp
- %PROGRAMDATA%\hp\2020\3\dotnetzip-dsfdvpjl.tmp
- %PROGRAMDATA%\hp\2020\4\6\dotnetzip-xpjdurw2.tmp
- %PROGRAMDATA%\hp\2020\4\8\dotnetzip-pbnwzetb.tmp
Moves the following files
- from %PROGRAMDATA%\hp\2020\7\dotnetzip-jtima1cx.tmp to %PROGRAMDATA%\hp\2020\7\taskhh.exe
- from %PROGRAMDATA%\hp\2020\1\dotnetzip-oczngedk.tmp to %PROGRAMDATA%\hp\2020\1\dwmn.exe
- from %PROGRAMDATA%\hp\2020\2\dotnetzip-drok2i1v.tmp to %PROGRAMDATA%\hp\2020\2\winini.exe
- from %PROGRAMDATA%\hp\2020\3\dotnetzip-dsfdvpjl.tmp to %PROGRAMDATA%\hp\2020\3\csiiss.exe
- from %PROGRAMDATA%\hp\2020\4\6\dotnetzip-xpjdurw2.tmp to %PROGRAMDATA%\hp\2020\4\6\svchostt.exe
Network activity
Connects to
- '61###00.site':80
TCP
HTTP GET requests
- http://61###00.site/28025156/28025156/
UDP
- DNS ASK 61###00.site
