Technical Information
- <SYSTEM32>\tasks\updates\fylkhsvdqeg
- %APPDATA%\fylkhsvdqeg.exe
- %TEMP%\tmp2452.tmp
- '15#.#28.150.198':11188
- 'ap#.ip.sb':443
- 'wh###.iana.org':43
- 'WH###.RIPE.NET':43
- http://15#.###.150.198:11188/ via 15#.#28.150.198
- DNS ASK ap#.ip.sb
- DNS ASK wh###.iana.org
- DNS ASK WH###.RIPE.NET
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\fYlkHsvDQEg" /XML "%TEMP%\tmp2452.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\fYlkHsvDQEg" /XML "%TEMP%\tmp2452.tmp"