Technical Information
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\dskhjkdhakhda" /XML "%TEMP%\z109"
- <SYSTEM32>\svchost.exe
- %APPDATA%\Monitor\Screenshots\11-16-2017\2.35 PM
- %TEMP%\z109
- %APPDATA%\ksahjsakh.exe
- %TEMP%\z109
- 'ak##.myftp.biz':1710
- DNS ASK ak##.myftp.biz