Technical Information
- <SYSTEM32>\tasks\windowsupda2ta
- <Drive name for removable media>:\<File name>.vbs
- %TEMP%\<File name>.vbs
- %TEMP%\4105171.jpg
- %TEMP%\3m33v9e.jpg
- <Drive name for removable media>:\<File name>.vbs
- %TEMP%\4105171.jpg
- %TEMP%\3m33v9e.jpg
- 'mr####2.myq-see.com':81
- DNS ASK mr####2.myq-see.com
- '<SYSTEM32>\wscript.exe' //B "%TEMP%\<File name>.vbs"
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\4105171.jpg' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\3M33V9E.jpg' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\4105171.jpg
- '<SYSTEM32>\schtasks.exe' /Create /TN WindowsUpda2ta /xml %TEMP%\3M33V9E.jpg