Technical Information
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{a5ecd9c6-d9c6-d9c6-d9c6-a5ecd9c6d9c6}
- https://www.ta###usa.com/wp-content/themes/modernize-v3-20/twitter.exe as $pathtoexe
- %TEMP%\9ad.tmp
- %APPDATA%\gjgfufd
- %TEMP%\f399.tmp.bat
- %APPDATA%\gjgfufd
- '10#.#91.46.239':80
- http://we####tstats.com/
- DNS ASK we####tstats.com
- DNS ASK sc###wist.com
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\F399.tmp.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\F399.tmp.bat" "