Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'FOGYISHNESSR' = '%TEMP%\Kortegensnonme\Skatemob2.vbs'
- <SYSTEM32>\tasks\updates\nkcttxjwyxcz
- ssdcvb.exe
- %TEMP%\ssdcvb.exe
- %TEMP%\kortegensnonme\skatemob2.exe
- %TEMP%\kortegensnonme\skatemob2.vbs
- %APPDATA%\nkcttxjwyxcz.exe
- %TEMP%\tmp7fac.tmp
- %APPDATA%\nkcttxjwyxcz.exe
- %TEMP%\tmp7fac.tmp
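- 'mo###orme.ug':6970 (the '###' appears to mask part of the hostname in this listing and is not literal; the other .ug names below are masked the same way, so none of them can be matched as exact indicators)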
- http://pl###tiso.ug/ac.exe
- DNS ASK pl###tiso.ug
- DNS ASK drive.google.com
- DNS ASK mo###orme.ug
- '%TEMP%\kortegensnonme\skatemob2.exe'
- '%TEMP%\ssdcvb.exe'
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\nKcTTxjwYXcz" /XML "%TEMP%\tmp7FAC.tmp" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\nKcTTxjwYXcz" /XML "%TEMP%\tmp7FAC.tmp"