Technical Information
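- <SYSTEM32>\tasks\'winupdate' (scheduled-task file; its name matches the WinUpdate task registered by the schtasks command listed below)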
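- ClassName: 'OLLYDBG', WindowName: '' (window lookup; OLLYDBG is the OllyDbg debugger's window class, so this is most likely a debugger-presence check)
- ClassName: 'OLLYDBG', WindowName: 'OllyDBg'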
- %TEMP%\bebasid.exe
- %TEMP%\winupdate.exe
- %APPDATA%\winupdate.exe
- %TEMP%\tmp2397.tmp.bat
- nul
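- DNS ASK ma######ikovska.ddns.net (DNS query; the host name appears partially masked with '#' in this report and sits under the ddns.net dynamic-DNS domain)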
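- ClassName: 'ObsidianGUI' WindowName: '' (window class of the Obsidian debugger)
- ClassName: 'WinDbgFrameClass' WindowName: '' (window class of WinDbg)
- ClassName: 'ID' WindowName: '' (class name associated with Immunity Debugger)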
- '%TEMP%\bebasid.exe'
- '%TEMP%\winupdate.exe'
- '%APPDATA%\winupdate.exe'
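- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'WinUpdate"' /tr "'%APPDATA%\WinUpdate.exe"'' (with hidden window; /sc ONLOGON together with /RL HIGHEST registers the task to run at each logon with the highest available privileges, i.e. a persistence mechanism)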
- '%WINDIR%\syswow64\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'WinUpdate"' /tr "'%APPDATA%\WinUpdate.exe"'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmp2397.tmp.bat""
- '%WINDIR%\syswow64\timeout.exe' 3