Technical Information
- %WINDIR%\syswow64\mstsc.exe
- %APPDATA%\udksgeokb.exe
- %TEMP%\tmp8f05.tmp
- %APPDATA%\udksgeokb.exe
- %TEMP%\tmp8f05.tmp
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%\udKsgEOkb.exe"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath "%APPDATA%\udKsgEOkb.exe"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\udKsgEOkb" /XML "%TEMP%\tmp8F05.tmp"' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Updates\udKsgEOkb" /XML "%TEMP%\tmp8F05.tmp"
- '%WINDIR%\syswow64\mstsc.exe'