Technical Information
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\bnvahmdsvafahdGRFKEQGREQWUAGFSADMHFmadsajmhfveasdgfabud" /XML "%TEMP%\z106"
- <SYSTEM32>\svchost.exe
- %APPDATA%\Monitor\Screenshots\03-13-2017\5.33 AM
- %TEMP%\z106
- %APPDATA%\uample
- %TEMP%\z106
- 'ke#####ash.sytes.net':6878
- 'pa#####raa2016.ddns.net':6878
- DNS ASK ke#####ash.sytes.net
- DNS ASK pa#####raa2016.ddns.net