Technical Information
- <SYSTEM32>\tasks\uytvbcdswesxaq
- hidden files
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\gvderdghjytvca.exe
- 'pl######aster.duckdns.org':6699
- DNS ASK pl######aster.duckdns.org
- '%TEMP%\gvderdghjytvca.exe'
- '%TEMP%\gvderdghjytvca.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /query
- '%WINDIR%\syswow64\schtasks.exe' /create /sc MINUTE /tn UyTvBcDsWeSxAq /MO 1 /tr %TEMP%\\gVdErDgHjYtVcA.exe
- '<SYSTEM32>\taskeng.exe' {7B6EA3CA-3D70-4EF6-9C04-162F43084A96} S-1-5-21-1960123792-2022915161-3775307078-1001:bbpcuxy\user:Interactive:[1]
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'