Technical Information
- <SYSTEM32>\tasks\windowssystem
- %APPDATA%\windows10updatee.vbs
- 'ma#####ko.freeddns.org':8082
- DNS ASK ma#####ko.freeddns.org
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Windows10Updatee.vbs"
- '%WINDIR%\syswow64\wscript.exe' %APPDATA%\Windows10Updatee.vbs
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn WindowsSystem /tr %APPDATA%\Windows10Updatee.vbs' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn WindowsSystem /tr %APPDATA%\Windows10Updatee.vbs' (with hidden window)
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Windows10Updatee.vbs"' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn WindowsSystem /tr %APPDATA%\Windows10Updatee.vbs
- '%WINDIR%\syswow64\wscript.exe' <PATH_SAMPLE>.vbs
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn WindowsSystem /tr %APPDATA%\Windows10Updatee.vbs
- '<SYSTEM32>\taskeng.exe' {F29EB3A5-2D07-497F-AE65-38323E8A3A10} S-1-5-21-1960123792-2022915161-3775307078-1001:iuabul\user:Interactive:[1]