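Technical Information
Note on reading this list: the entries are file-system paths, network requests and process command lines, but this copy carries no labels saying which category each entry belongs to. %APPDATA%\twwrwdv and %APPDATA%\ssgsdbd each appear twice, probably because they were listed under two separate categories whose headings are missing here. The '#' characters in host names and in the URL appear to be masked characters, so those entries are not usable as literal match strings. The wmic.exe command lines query root\SecurityCenter2 for the display names of registered antivirus, firewall and antispyware products, and root\cimv2 for processor details and installed software (Win32_Product); process-creation logging that records full command lines will capture them.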
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{aefe271c-271c-271c-271c-aefe271c271c}
- %TEMP%\5c1b.tmp
- %APPDATA%\twwrwdv
- %APPDATA%\ssgsdbd
- %APPDATA%\twwrwdv
- %APPDATA%\ssgsdbd
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK je##e.host
- DNS ASK be#.########.#1D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK cr#.########.#1D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK wm#.########.#1D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK wm###.########.01D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK cm#.########.#1D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK cm###.########.01D67A6A.FAF3E3F5.oonz.riguard.tech
- DNS ASK microsoft.com
- DNS ASK oc##.#tartssl.com
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /format:csv
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /format:csv
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get displayName /format:csv
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\cimv2 Path Win32_Processor Get Name,DeviceID,NumberOfCores /format:csv
- '<SYSTEM32>\wbem\wmic.exe' /namespace:\\root\cimv2 Path Win32_Product Get Name,Version /format:csv