Technical Information
- <SYSTEM32>\tasks\windowsupda2ta
- <Drive name for removable media>:\<File name>.vbs
- %TEMP%\<File name>.vbs
- %TEMP%\843jni9.jpg
- %TEMP%\b94dz8f.jpg
- <Drive name for removable media>:\<File name>.vbs
- %TEMP%\843jni9.jpg
- %TEMP%\b94dz8f.jpg
- 'localhost':81
- '<SYSTEM32>\wscript.exe' //B "%TEMP%\<File name>.vbs"
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\843JNI9.jpg' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\B94DZ8F.jpg' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\843JNI9.jpg
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\B94DZ8F.jpg