Technical Information
- <SYSTEM32>\tasks\hspintsdk
- '%TEMP%\57yhyh.exe'
- %TEMP%\57yhyh.exe
- <SYSTEM32>\discordwebhooklink
- 'ip#####.#hatismyipaddress.com':80
- 'ap#.#pdata.co':443
- 'x.##2.us':80
- 'microsoft.com':80
- DNS ASK ip#####.#hatismyipaddress.com
- DNS ASK ap#.#pdata.co
- DNS ASK x.##2.us
- DNS ASK microsoft.com
- '<SYSTEM32>\schtasks.exe' /query /TN hspintsdk
- '<SYSTEM32>\cmd.exe' /C schtasks.exe /create /tn hspintsdk /tr %APPDATA%/MicrosoftUpdate/57yhyh.ExE /SC minute /mo 1
- '<SYSTEM32>\schtasks.exe' /create /tn hspintsdk /tr %APPDATA%/MicrosoftUpdate/57yhyh.ExE /SC minute /mo 1
- '<SYSTEM32>\taskeng.exe' {FC0B7FB9-9BD1-4BD1-A4C7-F6E2D0008A94} S-1-5-21-1960123792-2022915161-3775307078-1001:ddpxrwdnf\user:Interactive:[1]