Technical Information
- <SYSTEM32>\tasks\pchelper
- <Current directory>\pchelper.xml
- <Current directory>\xrun.vbs
- <Current directory>\updatehelper.vbs
- nul
- <Current directory>\pchelper.xml
- <Current directory>\xrun.vbs
- <Current directory>\updatehelper.vbs
- http://18#.#45.131.91/x_router778.php?us##############################################################################
- '<SYSTEM32>\wscript.exe' "<Current directory>\xRun.vbs"
- '<SYSTEM32>\wscript.exe' "<Current directory>\updatehelper.vbs"
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "<Current directory>\updatehelper.vbs"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c schtasks /create /xml "<Current directory>\pchelper.xml" /tn pchelper
- '<SYSTEM32>\schtasks.exe' /create /xml "<Current directory>\pchelper.xml" /tn pchelper
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "<Current directory>\updatehelper.vbs"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1000