Technical Information
- <SYSTEM32>\tasks\xnonxrkcph.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %APPDATA%\xnonxrkcph.exe
- 'pa##e.ee':443
- '14#.#48.50.100':1113
- DNS ASK pa##e.ee
- '%APPDATA%\xnonxrkcph.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn xnONXrkCpH.exe /tr %APPDATA%\xnONXrkCpH.exe' (with hidden window)
- '%APPDATA%\xnonxrkcph.exe' ' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn xnONXrkCpH.exe /tr %APPDATA%\xnONXrkCpH.exe
- '<SYSTEM32>\taskeng.exe' {4D2F8319-4CEF-4BAC-B53F-A987EC80F36B} S-1-5-21-1960123792-2022915161-3775307078-1001:wufxfuitavv\user:Interactive:[1]
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'