Technical Information
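Autorun entries (a per-user Run value pointing at ilkase.exe and a Startup-folder shortcut; the shortcut's target is not listed here):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ilkase.exe' = '"%APPDATA%\ilkase\ilkase.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\ilkase.lnk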
- %TEMP%\aut1.tmp
- %APPDATA%\ilkase\ilkase.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\sht12[1]
- %TEMP%\aut1.tmp
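Network indicators (the domain is shown partially masked with '##', so it cannot be matched literally; the requested path /sht12 corresponds to the cached file sht12[1] listed above):
- 'sh##l.cc':80
- http://sh##l.cc/sht12
- DNS query: sh##l.cc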
- '%APPDATA%\ilkase\ilkase.exe'
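Scheduled task (a daily task named "ilkase" that runs the same %APPDATA% executable; the cmd.exe line invokes schtasks, and the second line is the resulting schtasks.exe command line):
- '<SYSTEM32>\cmd.exe' /c schtasks /create /tn "ilkase" /tr "%APPDATA%\ilkase\ilkase.exe" /sc daily
- '<SYSTEM32>\schtasks.exe' /create /tn "ilkase" /tr "%APPDATA%\ilkase\ilkase.exe" /sc daily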