Technical Information
- <SYSTEM32>\tasks\winrun
- <SYSTEM32>\tasks\systemupdate
- %ALLUSERSPROFILE%\winsys.exe
- %TEMP%\systemdebug.exe
- '2n#.co':443
- 'pk#.goog':80
- http://pk#.goog/gsr1/gsr1.crt
- '2n#.co':443
- DNS ASK 2n#.co
- DNS ASK pk#.goog
- '%ALLUSERSPROFILE%\winsys.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /tn WinRun /tr "C:/ProgramData/WinSys.exe" /sc minute /F (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn SystemUpdate /tr "%TEMP%\SystemDebug.exe" /sc hourly /F (with hidden window)
- '%ALLUSERSPROFILE%\winsys.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn WinRun /tr "C:/ProgramData/WinSys.exe" /sc minute /F
- '%WINDIR%\syswow64\schtasks.exe' /create /tn SystemUpdate /tr "%TEMP%\SystemDebug.exe" /sc hourly /F
- '<SYSTEM32>\taskeng.exe' {AF4A05D4-6836-42D5-8E75-F0F4E2156092} S-1-5-21-3150914307-1777937420-491476919-1000:fckkxkyu\user:Interactive:[1]