Technical Information
- <SYSTEM32>\tasks\nuqk683cw6cwacpckw (scheduled-task file; same name as the task registered by the schtasks command below)
- '%WINDIR%\syswow64\taskkill.exe' /im <File name>.exe /f
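- %ALLUSERSPROFILE%\{fgd1z278-ruro-hwvt-ui9gmyevrk9r}\iexplore.exe (located under the all-users profile rather than the Internet Explorer program directory; the scheduled task below launches it every 15 minutes)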
- 'le###n.net.ru':80
- http://le###n.net.ru/gate/connection.php
- http://le###n.net.ru/gate/create.php
- http://le###n.net.ru/gate/config.php
- http://le###n.net.ru/gate/update.php
- DNS ASK le###n.net.ru
- ClassName: '' WindowName: ''
- '%ALLUSERSPROFILE%\{fgd1z278-ruro-hwvt-ui9gmyevrk9r}\iexplore.exe'
- '%ALLUSERSPROFILE%\{fgd1z278-ruro-hwvt-ui9gmyevrk9r}\iexplore.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "NUQK683CW6CWACPCKW" /TR "%ALLUSERSPROFILE%\{FGD1Z278-RURO-HWVT-UI9GMYEVRK9R}\iexplore.exe" /F (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im <File name>.exe /f & erase n% & exit (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 15 /TN "NUQK683CW6CWACPCKW" /TR "%ALLUSERSPROFILE%\{FGD1Z278-RURO-HWVT-UI9GMYEVRK9R}\iexplore.exe" /F
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im <File name>.exe /f & erase n% & exit