Technical Information
- <SYSTEM32>\tasks\browser service
- %HOMEPATH%\documents\clienthost_new.exe
- %HOMEPATH%\documents\zxkpnma6wu.exe
- %HOMEPATH%\documents\clienthost_new.exe
- %HOMEPATH%\documents\zxkpnma6wu.exe
- %HOMEPATH%\documents\clienthost_new.exe
- '17#.#11.174.107':80
- http://17#.#11.174.107/Api/GetFile?id#########################
- '%HOMEPATH%\documents\clienthost_new.exe'
- '%HOMEPATH%\documents\zxkpnma6wu.exe'
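- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Browser service" /tr "%HOMEPATH%\Documents\ZXKPNMA6WU.exe" /f (with hidden window) — registers a scheduled task named "Browser service" that runs ZXKPNMA6WU.exe every minute; /f overwrites an existing task of the same name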
- '%HOMEPATH%\documents\zxkpnma6wu.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Browser service" /tr "%HOMEPATH%\Documents\ZXKPNMA6WU.exe" /f
- '<SYSTEM32>\taskeng.exe' {9B5C5318-8855-42AF-9976-86B7AA264EBE} S-1-5-21-1960123792-2022915161-3775307078-1001:mqnbglh\user:Interactive:[1]