Technical Information
- %WINDIR%\tasks\wow64.job
- <SYSTEM32>\tasks\wow64
- %WINDIR%\tasks\irponmkjihgedcbxwvu.job
- <SYSTEM32>\tasks\irponmkjihgedcbxwvu
- %WINDIR%\temp\axvu.exe
- %WINDIR%\tasks\irponmkjihgedcbxwvu.job
- <SYSTEM32>\tasks\irponmkjihgedcbxwvu
- '88.##8.147.80':4174
- 'wa###twasabi.io':80
- '88.##8.147.80':4174
- DNS ASK wa###twasabi.io
- '<Full path to file>' start' (with hidden window)