Technical Information
- <SYSTEM32>\tasks\mnolyk.exe
- %TEMP%\4b9a106e76\mnolyk.exe
- '19#.#33.20.2':80
- http://19#.#33.20.2/Bn89hku/index.php
- '%TEMP%\4b9a106e76\mnolyk.exe'
- '%TEMP%\4b9a106e76\mnolyk.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "%TEMP%\4b9a106e76\mnolyk.exe" /F (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "%TEMP%\4b9a106e76\mnolyk.exe" /F
- '%WINDIR%\syswow64\cmd.exe' /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" echo Y"
- '%WINDIR%\syswow64\cacls.exe' "mnolyk.exe" /P "user:N"
- '%WINDIR%\syswow64\cacls.exe' "mnolyk.exe" /P "user:R" /E
- '%WINDIR%\syswow64\cacls.exe' "..\4b9a106e76" /P "user:N"
- '%WINDIR%\syswow64\cacls.exe' "..\4b9a106e76" /P "user:R" /E