Technical Information
- <SYSTEM32>\tasks\{ec5fc97f-837e-4059-a56f-efa08e52cc9b}
- %APPDATA%\microsoft\windows\svchost.exe
- %TEMP%\ljmchv.xml
- %APPDATA%\microsoft\windows\svchost.exe
- %TEMP%\ljmchv.xml
- http://pa###bin.com/raw/4yGcp82N
- DNS ASK pa###bin.com
- '%APPDATA%\microsoft\windows\svchost.exe'
- '<SYSTEM32>\schtasks.exe' /Create /TN "" /XML "%TEMP%\ljmchv.xml" (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN "" /XML "%TEMP%\ljmchv.xml"