Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DLxES' = '%APPDATA%\DLxES\DLxES.exe'
- <SYSTEM32>\tasks\updates\kwewaxh
- %WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe
- %APPDATA%\kwewaxh.exe
- %TEMP%\tmp38fa.tmp
- %APPDATA%\dlxes\dlxes.exe
- %TEMP%\tmp38fa.tmp
- '<SYSTEM32>\schtasks.exe' /Create /TN "Updates\kwEwaXh" /XML "%TEMP%\tmp38FA.tmp" (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN "Updates\kwEwaXh" /XML "%TEMP%\tmp38FA.tmp"
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regsvcs.exe'