Technical Information
- <SYSTEM32>\tasks\iexplore
- %APPDATA%\iexplore.exe
- %TEMP%\tmpffe0.tmp.bat
- nul
- 'se####.b92dt.com':36868
- 'se####.#ukhitoithuong.co':36868
- DNS ASK se####.b92dt.com
- DNS ASK se####.#ukhitoithuong.co
- '%APPDATA%\iexplore.exe'
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn "iexplore" /tr '"%APPDATA%\iexplore.exe"' & exit' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn "iexplore" /tr '"%APPDATA%\iexplore.exe"' & exit
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmpFFE0.tmp.bat""
- '<SYSTEM32>\schtasks.exe' /create /f /sc onlogon /rl highest /tn "iexplore" /tr '"%APPDATA%\iexplore.exe"'
- '<SYSTEM32>\timeout.exe' 3