Technical Information
- <SYSTEM32>\tasks\dmkngi.exe
- %APPDATA%\windata\hzxsvq.exe
- 'te####eo.ddns.net':4000
- DNS ASK te####eo.ddns.net
- '%APPDATA%\windata\hzxsvq.exe'
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /tn DMKNGI.exe /tr %APPDATA%\Windata\HZXSVQ.exe /sc minute /mo 1' (with hidden window)
- '%APPDATA%\windata\hzxsvq.exe' ' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c schtasks /create /tn DMKNGI.exe /tr %APPDATA%\Windata\HZXSVQ.exe /sc minute /mo 1
- '%WINDIR%\syswow64\schtasks.exe' /create /tn DMKNGI.exe /tr %APPDATA%\Windata\HZXSVQ.exe /sc minute /mo 1
- '<SYSTEM32>\taskeng.exe' {1BB3AAE4-8EAD-4E50-8052-5EEB6C1B6770} S-1-5-21-1960123792-2022915161-3775307078-1001:esnqmdpnxnx\user:Interactive:[1]