Technical Information
- <SYSTEM32>\tasks\update\security update
- svchost.exe
- %TEMP%\ixp000.tmp\setupx.exe
- %TEMP%\ixp000.tmp\setup.exe
- %APPDATA%\secupdate\svchost.exe
- %TEMP%\45280205.xml
- %TEMP%\is-6tihm.tmp\setup.tmp
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %TEMP%\45280205.xml
- '66##.#codework.com':6669
- DNS ASK 66##.#codework.com
- '%TEMP%\ixp000.tmp\setupx.exe'
- '%APPDATA%\secupdate\svchost.exe'
- '%TEMP%\ixp000.tmp\setup.exe'
- '%TEMP%\is-6tihm.tmp\setup.tmp' /SL5="$D0206,56832,0,%TEMP%\IXP000.TMP\Setup.exe"
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update\Security Update" /F (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\Security Update" /XML "%TEMP%\45280205.xml" (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update\Security Update" /F
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\Security Update" /XML "%TEMP%\45280205.xml"