Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iexplore' = '"C:/Windows/System32/\iexplore.exe"'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'iexplore' = '"C:/Windows/System32/\iexplore.exe"'
- [<HKLM>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe, "C:/Windows/System32/\iexplore.exe"'
- <SYSTEM32>\tasks\iexplore
- <SYSTEM32>\tasks\iexplorei
- <SYSTEM32>\iexplore.exe
- <SYSTEM32>\9db6e019d4f04e
- '89.##8.83.45':80
- http://89.##8.83.45/Imagelow/0/dumpWindowsauth/Dump6Temppacket/Cdn/wordpressVm9Http/VmCpu/Temp/tocpuserverFlower.php?k1##########################################################################...
- '<SYSTEM32>\iexplore.exe'
- '<SYSTEM32>\iexplore.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 7 /tr "'C:/Windows/System32/\iexplore.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplore" /sc ONLOGON /tr "'C:/Windows/System32/\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 12 /tr "'C:/Windows/System32/\iexplore.exe'" /rl HIGHEST /f