Technical Information
- <SYSTEM32>\tasks\microsoft\windows\wininet\taskguard
- <SYSTEM32>\tasks\microsoft\windows\wininet\cachedns
- DNS server to '114.114.114.114'
- %TEMP%\6641.tmp
- %ALLUSERSPROFILE%\microsoft\wininet\cachedns.exe
- 'jc####.###-cn-hangzhou.aliyuncs.com':80
- http://jc####.###-cn-hangzhou.aliyuncs.com/test3.ini
- DNS ASK jc####.###-cn-hangzhou.aliyuncs.com
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\regedit.exe' /s %WINDIR%\apppatch\svchost.sdb (with hidden window)
- '<SYSTEM32>\taskeng.exe' {09A37F1E-94B9-4E23-BA31-C06BE5454444} S-1-5-21-1960123792-2022915161-3775307078-1001:akodifrr\user:Interactive:[1]
- '%WINDIR%\regedit.exe' /s %WINDIR%\apppatch\svchost.sdb