Technical Information
- <SYSTEM32>\tasks\uicommon.exe
- %TEMP%\nvmiig.inf_amd64_649395c294ad3a68\uicommon.exe
- 'qg###ool.fun':80
- http://qg###ool.fun/g9jjjbnAdshZ/index.php
- DNS ASK qg###ool.fun
- '%TEMP%\nvmiig.inf_amd64_649395c294ad3a68\uicommon.exe'
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN UICommon.exe /TR "%TEMP%\nvmiig.inf_amd64_649395c294ad3a68\UICommon.exe" /F (with hidden window)
- '%TEMP%\nvmiig.inf_amd64_649395c294ad3a68\uicommon.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /MO 1 /TN UICommon.exe /TR "%TEMP%\nvmiig.inf_amd64_649395c294ad3a68\UICommon.exe" /F
- '<SYSTEM32>\taskeng.exe' {489483B7-89B2-4188-8662-1F0ECCE49358} S-1-5-21-1238866942-1249195528-555854008-1000:xcibgipzezs\user:Interactive:[1]