Technical Information
- <SYSTEM32>\tasks\updates\gchnsqkmpgbt
- %APPDATA%\gchnsqkmpgbt.exe
- %TEMP%\tmp846f.tmp
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\gchnsqkmpgbt.exe
- %TEMP%\tmp846f.tmp
- 'mi######erated.duckdns.org':6616
- 'sw######bath.duckdns.org':6616
- DNS ASK mi######erated.duckdns.org
- DNS ASK sw######bath.duckdns.org
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\GcHNSqKmPGbt" /XML "%TEMP%\tmp846F.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\GcHNSqKmPGbt" /XML "%TEMP%\tmp846F.tmp"