Technical Information
- <SYSTEM32>\tasks\windowsupdateqyqhw0x8429525
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %TEMP%\ybxeybmnq
- '10#.#56.227.248':80 (the '#' characters appear to mask part of the address as published; this is not a literal IP)
- ClassName: 'MS_WINHELP' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c del /q /f %temp%\*.lnk (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /delete /tn WindowsUpdateQyQhw0x8429524 (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn WindowsUpdateQyQhw0x8429525 /tr "%PROGRAMDATA%\QyQhwEdq\bqdEwhQyQ.exe" /RL HIGHEST (with hidden window; creates a scheduled task that runs every minute at the highest run level)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del /q /f %temp%\*.lnk
- '%WINDIR%\syswow64\schtasks.exe' /delete /tn WindowsUpdateQyQhw0x8429524
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn WindowsUpdateQyQhw0x8429525 /tr "%PROGRAMDATA%\QyQhwEdq\bqdEwhQyQ.exe" /RL HIGHEST
- '<SYSTEM32>\taskeng.exe' {8E73D8EA-26AA-43F7-9D39-CCAEEA8DCB9F} S-1-5-21-1960123792-2022915161-3775307078-1001:twgmsddk\user:Interactive:[1]