Technical Information
- <SYSTEM32>\tasks\updates\uaogzcjzfhrwm
- %APPDATA%\uaogzcjzfhrwm.exe
- %TEMP%\tmp62d3.tmp
- %APPDATA%\uaogzcjzfhrwm.exe
- %TEMP%\tmp62d3.tmp
- 'ru####.duckdns.org':7707
- DNS ASK ru####.duckdns.org
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\UAoGzcjZfHRwm" /XML "%TEMP%\tmp62D3.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\UAoGzcjZfHRwm" /XML "%TEMP%\tmp62D3.tmp"