Technical Information
- <SYSTEM32>\tasks\ryplbybduw
- %APPDATA%\ryplbybduw\frwxxtyvnj.exe
- nul
- %APPDATA%\ryplbybduw\bzqpqkaoxh.pid
- '79.##7.206.137':80
- http://79.##7.206.137/bot/regex?ke##################################################################
- http://79.##7.206.137/bot/online?gu####################################################################################
- '%APPDATA%\ryplbybduw\frwxxtyvnj.exe'
- '%APPDATA%\ryplbybduw\frwxxtyvnj.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /tn RYplbyBDUW /tr %APPDATA%\RYplbyBDUW\FRWxXtyVnj.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn RYplbyBDUW /tr %APPDATA%\RYplbyBDUW\FRWxXtyVnj.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
- '<SYSTEM32>\taskeng.exe' {9C253F0A-F3E9-474E-A202-9B9EDBB1B07B} S-1-5-21-1960123792-2022915161-3775307078-1001:yddttet\user:Interactive:[1]