Technical Information
- %WINDIR%\explorer.exe
- %TEMP%\autd4ec.tmp
- %APPDATA%\wscuirt.exe
- %APPDATA%\wscuirt.exe
- %TEMP%\autd4ec.tmp
- ClassName: 'Progman' WindowName: ''
- ClassName: 'Proxy Desktop' WindowName: ''
- '%APPDATA%\wscuirt.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "kuNagIKmGGhwe" /tr "%APPDATA%\wscuirt.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "" & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "<Full path to file>" & exit' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "kuNagIKmGGhwe" /tr "%APPDATA%\wscuirt.exe"
- '%WINDIR%\explorer.exe'
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "" & exit
- '%WINDIR%\syswow64\cmd.exe' /k ping 0 & del "<Full path to file>" & exit