Technical Information
- <SYSTEM32>\tasks\updates\wkgggwlmoaqiz
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %APPDATA%\wkgggwlmoaqiz.exe
- %TEMP%\tmpdb92.tmp
- %TEMP%\cd528d22-2270-ea62-af9f-fcadffa7ff8e
- %APPDATA%\wkgggwlmoaqiz.exe
- %TEMP%\tmpdb92.tmp
- 'ma##.#abf.com.au':25
- http://bo#.####ismyipaddress.com/
- DNS ASK bo#.####ismyipaddress.com
- DNS ASK ma##.#abf.com.au
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe' /logtoconsole=false /logfile= /u "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\WkGggWLmOAqiZ" /XML "%TEMP%\tmpDB92.tmp" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe' /logtoconsole=false /logfile= /u "<Full path to file>"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\WkGggWLmOAqiZ" /XML "%TEMP%\tmpDB92.tmp"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'