Technical Information
- '<SYSTEM32>\schtasks.exe' /Create /TN "Update\svchost.exe" /XML "%TEMP%\507219167.xml"
- <SYSTEM32>\svchost.exe
- %APPDATA%\Monitor\Screenshots\11-30-2017\2.38 PM
- %TEMP%\507219167.xml
- %APPDATA%\svchost.exe
- 'localhost':1604
- '19#.#7.212.80':1604