Technical Information
- <SYSTEM32>\tasks\windowsupdate
- %WINDIR%\temps\windowsupdata.exe
- %WINDIR%\temps\aow_exe.exe
- from <Full path to file> to \:d
- '13#.#22.148.39':8089
- '13#.#22.148.39':4476
- http://13#.##2.148.39:8089/k.bin via 13#.#22.148.39
- '13#.#22.148.39':4476
- ClassName: 'Q360SafeMonClass' WindowName: ''
- '%WINDIR%\temps\windowsupdata.exe'
- '%WINDIR%\temps\aow_exe.exe'
- '%WINDIR%\temps\windowsupdata.exe' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {7F1B65C9-C096-44A8-83FB-89331DCD0BC5} S-1-5-21-1238866942-1249195528-555854008-1000:cbcogehxdx\user:Interactive:[1]