Technical Information
- %WINDIR%\tasks\iarkdu.job
- <SYSTEM32>\tasks\iarkdu
- %ALLUSERSPROFILE%\fdav\iarkdu.exe
- 'ge###xman37.xyz':4044
- DNS ASK ad###trex20.xyz
- DNS ASK ge###xman37.xyz
- '%ALLUSERSPROFILE%\fdav\iarkdu.exe' start
- '%ALLUSERSPROFILE%\fdav\iarkdu.exe' start' (with hidden window)