Technical Information
- %WINDIR%\tasks\onljhf.job
- <SYSTEM32>\tasks\onljhf
- %ALLUSERSPROFILE%\xisdmw\onljhf.exe
- 'de###coma.com':4039
- DNS ASK de###coma.com
- '%ALLUSERSPROFILE%\xisdmw\onljhf.exe' start
- '%ALLUSERSPROFILE%\xisdmw\onljhf.exe' start' (with hidden window)