Technical Information
- [<HKCU>\Software\Microsoft\IEAK\GroupPolicy\PendingGPOs] 'Path1' = '%APPDATA%\Microsoft\Internet Explorer\srdeTCP.inf'
- %WINDIR%\syswow64\mstsc.exe
- %APPDATA%\microsoft\internet explorer\srdetcp.exe
- %APPDATA%\microsoft\internet explorer\srdetcp.inf
- <Current directory>\978719.bat
- 'ss####urehost.com':80
- 'ss####urehost.com':80
- DNS ASK ss####urehost.com
- '%APPDATA%\microsoft\internet explorer\srdetcp.exe'
- '%APPDATA%\microsoft\internet explorer\srdetcp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\978719.bat" "<Full path to file>"" (with hidden window)
- '%WINDIR%\syswow64\mstsc.exe' "<Full path to file>"
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\978719.bat" "<Full path to file>""
- '%WINDIR%\syswow64\attrib.exe' -r -s -h "<Full path to file>"
- '%WINDIR%\syswow64\mstsc.exe' "%APPDATA%\Microsoft\Internet Explorer\srdeTCP.exe"