Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Start Network Service' = '<LS_APPDATA>\Microsoft\CLR_v2.0\ian5b9n7.exe'
- <LS_APPDATA>\Microsoft\CLR_v2.0\ian5b9n7.exe
- <Full path to file>
- '<LS_APPDATA>\Microsoft\CLR_v2.0\ian5b9n7.exe' "hello" "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /C SchTasks /Create /SC MINUTE /TN "Start Network Service" /TR "<LS_APPDATA>\Microsoft\CLR_v2.0\ian5b9n7.exe slkd72e3" /MO 1 /F
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /TN "Start Network Service" /TR "<LS_APPDATA>\Microsoft\CLR_v2.0\ian5b9n7.exe slkd72e3" /MO 1 /F