Technical Information
- <SYSTEM32>\tasks\consvc_reenable
- <SYSTEM32>\tasks\updater_reenable
- [<HKLM>\System\CurrentControlSet\Services\consvc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\consvc] 'ImagePath' = '"%CommonProgramFiles%\consvc\service\consvc.exe"'
- [<HKLM>\System\CurrentControlSet\Services\Updater Service Handler] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Updater Service Handler] 'ImagePath' = '"%CommonProgramFiles%\consvc\updater\UpdaterService.exe"'
- 'consvc' "%CommonProgramFiles%\consvc\service\consvc.exe"
- 'consvc' %CommonProgramFiles%\consvc\service\consvc.exe
- 'Updater Service Handler' "%CommonProgramFiles%\consvc\updater\UpdaterService.exe"
- 'Updater Service Handler' %CommonProgramFiles%\consvc\updater\UpdaterService.exe
- '%WINDIR%\syswow64\net.exe' stop "consvc"
- '%WINDIR%\syswow64\net.exe' stop "Updater Service Handler"
- %TEMP%\is-fiiba.tmp\<File name>.tmp
- %CommonProgramFiles%\consvc\service\pl\is-filep.tmp
- %CommonProgramFiles%\consvc\service\ru\is-8i6kd.tmp
- %CommonProgramFiles%\consvc\service\zh-cn\is-utu2l.tmp
- %CommonProgramFiles%\consvc\service\is-5p358.tmp
- %CommonProgramFiles%\consvc\service\is-q6jqf.tmp
- %CommonProgramFiles%\consvc\service\is-un3dq.tmp
- %CommonProgramFiles%\consvc\service\is-6r6sq.tmp
- %CommonProgramFiles%\consvc\service\is-eubf2.tmp
- %CommonProgramFiles%\consvc\service\is-36aei.tmp
- %CommonProgramFiles%\consvc\service\is-jjm17.tmp
- %CommonProgramFiles%\consvc\service\is-nfb8o.tmp
- %CommonProgramFiles%\consvc\service\is-d861n.tmp
- %CommonProgramFiles%\consvc\service\is-u86up.tmp
- %CommonProgramFiles%\consvc\service\is-73qha.tmp
- %CommonProgramFiles%\consvc\unins000.msg
- %CommonProgramFiles%\consvc\unins000.dat
- %CommonProgramFiles%\consvc\service\installutil.installlog
- %CommonProgramFiles%\consvc\service\consvc.installlog
- %CommonProgramFiles%\consvc\service\consvc.installstate
- %CommonProgramFiles%\consvc\updater\installutil.installlog
- %CommonProgramFiles%\consvc\updater\updaterservice.installlog
- %CommonProgramFiles%\consvc\service\it\is-ulljh.tmp
- %CommonProgramFiles%\consvc\updater\updaterservice.installstate
- %CommonProgramFiles%\consvc\service\fr\is-4nagh.tmp
- %CommonProgramFiles%\consvc\service\de\is-1rkro.tmp
- %TEMP%\is-vbn7q.tmp\_isetup\_setup64.tmp
- %TEMP%\is-i9iqs.tmp\<File name>.tmp
- %TEMP%\is-5k3go.tmp\_isetup\_setup64.tmp
- %CommonProgramFiles%\consvc\is-kc7ho.tmp
- %CommonProgramFiles%\consvc\updater\de\is-k1nmv.tmp
- %CommonProgramFiles%\consvc\updater\es\is-05si9.tmp
- %CommonProgramFiles%\consvc\updater\fr\is-av113.tmp
- %CommonProgramFiles%\consvc\updater\it\is-u0sab.tmp
- %CommonProgramFiles%\consvc\updater\pl\is-765ku.tmp
- %CommonProgramFiles%\consvc\updater\ru\is-7h0n6.tmp
- %CommonProgramFiles%\consvc\updater\zh-cn\is-jee4l.tmp
- %CommonProgramFiles%\consvc\updater\is-efnj9.tmp
- %CommonProgramFiles%\consvc\updater\is-ogeki.tmp
- %CommonProgramFiles%\consvc\updater\is-sngka.tmp
- %CommonProgramFiles%\consvc\updater\is-8dch9.tmp
- %CommonProgramFiles%\consvc\updater\is-7tpp9.tmp
- %CommonProgramFiles%\consvc\updater\is-buclj.tmp
- %CommonProgramFiles%\consvc\updater\is-9668c.tmp
- %CommonProgramFiles%\consvc\updater\is-tim0k.tmp
- %CommonProgramFiles%\consvc\updater\is-sert4.tmp
- %CommonProgramFiles%\consvc\updater\updater_service.setting
- %CommonProgramFiles%\consvc\service\es\is-3j365.tmp
- %TEMP%\selfdelete2.bat
- %TEMP%\is-vbn7q.tmp\_isetup\_setup64.tmp
- %TEMP%\is-fiiba.tmp\<File name>.tmp
- %TEMP%\is-5k3go.tmp\_isetup\_setup64.tmp
- %TEMP%\is-i9iqs.tmp\<File name>.tmp
- from %CommonProgramFiles%\consvc\is-kc7ho.tmp to %CommonProgramFiles%\consvc\unins000.exe
- from %CommonProgramFiles%\consvc\service\fr\is-4nagh.tmp to %CommonProgramFiles%\consvc\service\fr\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\it\is-ulljh.tmp to %CommonProgramFiles%\consvc\service\it\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\pl\is-filep.tmp to %CommonProgramFiles%\consvc\service\pl\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\ru\is-8i6kd.tmp to %CommonProgramFiles%\consvc\service\ru\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\zh-cn\is-utu2l.tmp to %CommonProgramFiles%\consvc\service\zh-cn\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\is-5p358.tmp to %CommonProgramFiles%\consvc\service\microsoft.win32.taskscheduler.dll
- from %CommonProgramFiles%\consvc\service\is-un3dq.tmp to %CommonProgramFiles%\consvc\service\conhostlib.dll
- from %CommonProgramFiles%\consvc\service\is-u86up.tmp to %CommonProgramFiles%\consvc\service\xclicker.setting
- from %CommonProgramFiles%\consvc\service\is-6r6sq.tmp to %CommonProgramFiles%\consvc\service\xclientserverhelper.dll
- from %CommonProgramFiles%\consvc\service\is-eubf2.tmp to %CommonProgramFiles%\consvc\service\chromedriver.exe
- from %CommonProgramFiles%\consvc\service\is-36aei.tmp to %CommonProgramFiles%\consvc\service\newtonsoft.json.dll
- from %CommonProgramFiles%\consvc\service\is-jjm17.tmp to %CommonProgramFiles%\consvc\service\newtonsoft.json.xml
- from %CommonProgramFiles%\consvc\service\is-nfb8o.tmp to %CommonProgramFiles%\consvc\service\webdriver.dll
- from %CommonProgramFiles%\consvc\service\is-d861n.tmp to %CommonProgramFiles%\consvc\service\webdriver.xml
- from %CommonProgramFiles%\consvc\service\es\is-3j365.tmp to %CommonProgramFiles%\consvc\service\es\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\service\is-q6jqf.tmp to %CommonProgramFiles%\consvc\service\microsoft.win32.taskscheduler.xml
- from %CommonProgramFiles%\consvc\service\de\is-1rkro.tmp to %CommonProgramFiles%\consvc\service\de\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\zh-cn\is-jee4l.tmp to %CommonProgramFiles%\consvc\updater\zh-cn\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\de\is-k1nmv.tmp to %CommonProgramFiles%\consvc\updater\de\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\es\is-05si9.tmp to %CommonProgramFiles%\consvc\updater\es\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\fr\is-av113.tmp to %CommonProgramFiles%\consvc\updater\fr\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\it\is-u0sab.tmp to %CommonProgramFiles%\consvc\updater\it\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\pl\is-765ku.tmp to %CommonProgramFiles%\consvc\updater\pl\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\ru\is-7h0n6.tmp to %CommonProgramFiles%\consvc\updater\ru\microsoft.win32.taskscheduler.resources.dll
- from %CommonProgramFiles%\consvc\updater\is-efnj9.tmp to %CommonProgramFiles%\consvc\updater\microsoft.win32.taskscheduler.dll
- from %CommonProgramFiles%\consvc\updater\is-tim0k.tmp to %CommonProgramFiles%\consvc\updater\updater.setting
- from %CommonProgramFiles%\consvc\updater\is-ogeki.tmp to %CommonProgramFiles%\consvc\updater\microsoft.win32.taskscheduler.xml
- from %CommonProgramFiles%\consvc\updater\is-sngka.tmp to %CommonProgramFiles%\consvc\updater\updaterlib.dll
- from %CommonProgramFiles%\consvc\updater\is-8dch9.tmp to %CommonProgramFiles%\consvc\updater\xclientserverhelper.dll
- from %CommonProgramFiles%\consvc\updater\is-7tpp9.tmp to %CommonProgramFiles%\consvc\updater\7za.exe
- from %CommonProgramFiles%\consvc\updater\is-buclj.tmp to %CommonProgramFiles%\consvc\updater\newtonsoft.json.dll
- from %CommonProgramFiles%\consvc\updater\is-9668c.tmp to %CommonProgramFiles%\consvc\updater\newtonsoft.json.xml
- from %CommonProgramFiles%\consvc\updater\is-sert4.tmp to %CommonProgramFiles%\consvc\updater\updaterservice.exe
- from %CommonProgramFiles%\consvc\service\is-73qha.tmp to %CommonProgramFiles%\consvc\service\consvc.exe
- '21#.#02.242.66':1221
- '21#.#02.242.66':1222
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- '%TEMP%\is-fiiba.tmp\<File name>.tmp' /SL5="$B0214,4855516,485888,<Full path to file>"
- '%CommonProgramFiles%\consvc\updater\updaterservice.exe'
- '%TEMP%\is-i9iqs.tmp\<File name>.tmp' /SL5="$E0208,4855516,485888,<Full path to file>" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
- '%CommonProgramFiles%\consvc\service\consvc.exe' --uninstall
- '%CommonProgramFiles%\consvc\service\consvc.exe' --install
- '%CommonProgramFiles%\consvc\updater\updaterservice.exe' --install
- '%CommonProgramFiles%\consvc\service\consvc.exe'
- '%CommonProgramFiles%\consvc\updater\updaterservice.exe' --uninstall
- '%WINDIR%\syswow64\net.exe' start "Updater Service Handler"' (with hidden window)
- '%WINDIR%\syswow64\net.exe' stop "Updater Service Handler"' (with hidden window)
- '%CommonProgramFiles%\consvc\updater\updaterservice.exe' --uninstall' (with hidden window)
- '%WINDIR%\syswow64\net.exe' start "consvc"' (with hidden window)
- '%WINDIR%\syswow64\net.exe' stop "consvc"' (with hidden window)
- '%CommonProgramFiles%\consvc\service\consvc.exe' --install' (with hidden window)
- '%CommonProgramFiles%\consvc\service\consvc.exe' --uninstall' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C ""%TEMP%\SelfDelete2.bat""' (with hidden window)
- '<Full path to file>' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART' (with hidden window)
- '%CommonProgramFiles%\consvc\updater\updaterservice.exe' --install' (with hidden window)
- '<SYSTEM32>\net.exe' start "consvc"' (with hidden window)
- '%WINDIR%\syswow64\net1.exe' stop "consvc"
- '%WINDIR%\syswow64\net.exe' start "consvc"
- '%WINDIR%\syswow64\net1.exe' start "consvc"
- '%WINDIR%\syswow64\net1.exe' stop "Updater Service Handler"
- '%WINDIR%\syswow64\net.exe' start "Updater Service Handler"
- '%WINDIR%\syswow64\net1.exe' start "Updater Service Handler"
- '%WINDIR%\syswow64\cmd.exe' /C ""%TEMP%\SelfDelete2.bat""
- '<SYSTEM32>\net.exe' start "consvc"
- '<SYSTEM32>\net1.exe' start "consvc"