Technical Information
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{a6b397e0-97e0-97e0-97e0-a6b397e097e0}
- %WINDIR%\syswow64\rundll32.exe
- %TEMP%\cc4f.tmp
- %APPDATA%\adthbsb
- %APPDATA%\efhicde
- %TEMP%\1291.tmp.exe
- %TEMP%\3bb5.tmp.exe
- %TEMP%\3bb5.dll
- %APPDATA%\adthbsb
- %APPDATA%\efhicde
- http://www.ms###csi.com/ncsi.txt
- http://14#.0.77.15/1.exe
- http://95.##9.168.37/JwUgQkUwNEVFMjlGQjJGNkMyRkQwNzk1OUEzQkU3NEY5M0I=
- http://gt##s.icu/forum/
- DNS ASK ct##r.icu
- DNS ASK gt##s.icu
- '%TEMP%\1291.tmp.exe'
- '%TEMP%\3bb5.tmp.exe'
- '%WINDIR%\syswow64\regsvr32.exe' -s %TEMP%\3BB5.dll f1 %TEMP%\3BB5TM~1.EXE@2068 (with hidden window)
- '%WINDIR%\syswow64\regsvr32.exe' -s %TEMP%\3BB5.dll f1 %TEMP%\3BB5TM~1.EXE@2068