Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Welevy' = '%APPDATA%\Microsoft\MMC\crrca.exe'
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\MMC\crrca.exe
- %TEMP%\aut1.tmp
- '<SYSTEM32>\cmd.exe' /c SCHTASKS /Create /SC MINUTE /MO 1 /TN "NvProfileUpdaterOveredays" /TR "%APPDATA%\Microsoft\MMC\crrca.exe"
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /MO 1 /TN "NvProfileUpdaterOveredays" /TR "%APPDATA%\Microsoft\MMC\crrca.exe"