Technical Information
- <SYSTEM32>\tasks\updates\mtarzqgxnny
- %APPDATA%\mtarzqgxnny.exe
- %TEMP%\tmp3f9e.tmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK an###.duckdns.org
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\mTaRzqGxnnY" /XML "%TEMP%\tmp3F9E.tmp" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\mTaRzqGxnnY" /XML "%TEMP%\tmp3F9E.tmp"