Technical Information
- <SYSTEM32>\tasks\wtf5uains
- %TEMP%\ngumb58w8.exe
- 'po####yreque5.pw':80
- http://po####yreque5.pw/search.php
- DNS ASK po####yreque5.pw
- '<SYSTEM32>\schtasks.exe' /create /tn wtf5uains /sc once /tr %TEMP%\ngumb58w8.exe /st 15:36
- '<SYSTEM32>\taskeng.exe' {5FA6D6A3-C601-4079-BB70-0A1D9E8D391B} S-1-5-21-1238866942-1249195528-555854008-1000:tbgmjdcr\user:Interactive:[1]