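Technical Information
The entries below carry no group labels in this copy: lines naming a bare path are file-system artifacts, the DNS ASK lines are DNS lookups, and the quoted lines are process command lines. The ### in the hostnames is not a valid hostname character, so part of each name appears to be masked. The is-*.tmp paths and the /SL5= argument are consistent with an Inno Setup installer unpacking itself, and because rundll32.exe is run on win-a51f09ff.db with the entry point hai, that file is a DLL despite its .db extension.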
- <Current directory>\nxtpkients.exe
- %TEMP%\6c78.tmp.bat
- %APPDATA%\media\win-a51f09ff.db
- %ALLUSERSPROFILE%\hai.a
- %TEMP%\is-jkotc.tmp\nxtpkients.tmp
- %TEMP%\is-2k1h8.tmp\_isetup\_setup64.tmp
- %ALLUSERSPROFILE%\hai.a
- DNS ASK ar.###tin.p-e.kr
- DNS ASK ai.###tin.p-e.kr
- '<Current directory>\nxtpkients.exe'
- '%TEMP%\is-jkotc.tmp\nxtpkients.tmp' /SL5="$8024E,6291726,231424,<Current directory>\NXTPKIENTS.exe"
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\Media\win-a51f09ff.db" hai (with hidden window)
- '<SYSTEM32>\schtasks.exe' /delete /f /tn "ChromeUpdateTaskMachineUAC" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\6C78.tmp.bat
- '<SYSTEM32>\rundll32.exe' "%APPDATA%\Media\win-a51f09ff.db" hai
- '<SYSTEM32>\schtasks.exe' /delete /f /tn "ChromeUpdateTaskMachineUAC"