Technical Information
- <SYSTEM32>\tasks\updates\qpviynkegw
- %WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe
- %TEMP%\dllhost.exe
- %APPDATA%\qpviynkegw.exe
- %TEMP%\tmpc6ad.tmp
- %APPDATA%\qpviynkegw.exe
- %TEMP%\tmpc6ad.tmp
- 'ta###imia.ug':6975
- http://tr###illetc.ug/ac.exe
- DNS ASK tr###illetc.ug
- DNS ASK ta###imia.ug
- '%TEMP%\dllhost.exe'
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\qPViYnKEGW" /XML "%TEMP%\tmpC6AD.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\luVcWL" /XML "%TEMP%\tmp5B3C.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\qPViYnKEGW" /XML "%TEMP%\tmpC6AD.tmp"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe'
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\luVcWL" /XML "%TEMP%\tmp5B3C.tmp"