Technical Information
- %WINDIR%\tasks\bgfd.job
- <SYSTEM32>\tasks\bgfd
- %ALLUSERSPROFILE%\uxcehk\bgfd.exe
- 'da####d28asd.com':4035
- DNS ASK da####d28asd.com
- '%ALLUSERSPROFILE%\uxcehk\bgfd.exe' start
- '%ALLUSERSPROFILE%\uxcehk\bgfd.exe' start' (with hidden window)