Technical Information
- <SYSTEM32>\tasks\updates\aawjgrkreh
- %APPDATA%\aawjgrkreh.exe
- %TEMP%\tmpd93b.tmp
- %TEMP%\tmpd93b.tmp
- 'ta##ra.ug':6970
- DNS ASK as#####dfgdnbvrwe.ru
- DNS ASK ta##ra.ug
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\aawjgrKReh" /XML "%TEMP%\tmpD93B.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\aawjgrKReh" /XML "%TEMP%\tmpD93B.tmp"