Technical Information
- %TEMP%\update.nls
- %WINDIR%\syswow64\jusched.exe
- 'ch##otka.kz':80
- http://www.ch##otka.kz/cache/msn.php?id##
- DNS ASK ch##otka.kz
- '%TEMP%\update.nls'
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> >> NUL (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <Full path to file> >> NUL