Техническая информация
Вредоносные функции
Завершает или пытается завершить
следующие системные процессы:
- %WINDIR%\syswow64\cmd.exe
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\autd39.tmp
- %TEMP%\minecraftlauncher\pistonstaging\3bed7d65fbb7141ced43b9a4e143190da3c61ca4
- %TEMP%\minecraftlauncher\pistonstaging\89cf4738188153de01b6994b55e6f4754a1ca7b7
- %TEMP%\minecraftlauncher\pistonstaging\0b57d80ff583aa4921271eaad4c0d71c6094a119
- %TEMP%\minecraftlauncher\pistonstaging\cf9d8f5aae61156092239c4d85c3352f0e055c56
- %TEMP%\minecraftlauncher\pistonstaging\aec480c5f357d7ac74b4f2081b37e3bd97cda481
- %TEMP%\minecraftlauncher\pistonstaging\d7a3568eb32b16eb43fdc27d875acd2ee20b5d24
- %TEMP%\minecraftlauncher\pistonstaging\699bdd5995428b3b206342dc876ebe95739ee555
- %TEMP%\minecraftlauncher\pistonstaging\f8144e74ef3f128e08730f5d4e926914d81e817e
- %TEMP%\minecraftlauncher\pistonstaging\71ba95167ed6777eea6863fd4555c550f56f57a4
- %TEMP%\minecraftlauncher\pistonstaging\aa3761667ae5fd0d0e69e81354f541e4c0ca9ea6
- %TEMP%\minecraftlauncher\pistonstaging\8268ca0dec094d655b38cc0a7595fc7404ca6f75
- %TEMP%\minecraftlauncher\pistonstaging\e7691035840804d7cc3c895855af209860a6e246
- %TEMP%\minecraftlauncher\pistonstaging\86bbeaaebf238f1a1a57fac33ff6d8cbeb3e086e
- %TEMP%\minecraftlauncher\pistonstaging\133dea57961ab17f1fe4b7175236d02168c2de8d
- %TEMP%\minecraftlauncher\pistonstaging\ae27c24da778e08e773330111f76fca5c583ad02
- %TEMP%\minecraftlauncher\pistonstaging\ea5af8ca67d502e1cb856b6ed02ecc0bf6ae525b
- %TEMP%\minecraftlauncher\pistonstaging\72840023c8dca628d53917187aba524ae06b3805
- %TEMP%\minecraftlauncher\pistonstaging\6bab2e77925515888808c1ef729c5bb1323100dd
- %TEMP%\minecraftlauncher\pistonstaging\d2f9b4f5c5ade7eb54838acb4bda5fa0e4bdf3c0
- %TEMP%\minecraftlauncher\pistonstaging\cbf51552d14ae32f4651d1770ece1dc9ba3e1d8e
- %TEMP%\minecraftlauncher\pistonstaging\1231c5b199ba2bc48cbafdbef813cdbd5dc3c42d
- %TEMP%\minecraftlauncher\pistonstaging\b8b15f032512091af6a8573d8750184ae88839df
- %TEMP%\minecraftlauncher\pistonstaging\df8ffb51826d76f8e4e11fa8555e0ffb2282a3be
- %TEMP%\minecraftlauncher\pistonstaging\72becbad361e228a8a164b01d1541ccbf7e28eaf
- %TEMP%\minecraftlauncher\pistonstaging\51cadecb9bcd8fe22afead0a5fc5cecb52c30cad
- %TEMP%\minecraftlauncher\pistonstaging\7264e679520e3981a2bf39d7c9eb0085c327a920
- %TEMP%\minecraftlauncher\pistonstaging\ad7b39ac558124d7a5f73a83ca0e5e1cc4739425
- %TEMP%\minecraftlauncher\pistonstaging\d78aa25633b015464855f60523fe85060959a939
- %TEMP%\minecraftlauncher\pistonstaging\143a27f67341827f8b32458f3c18ecd604093657
- %TEMP%\minecraftlauncher\pistonstaging\18cd81acf8d9ccab5b281c9eb02e06d3091a164c
- %TEMP%\minecraftlauncher\pistonstaging\8b3db01ebfd19f8775f6ed114973350ff1814c0a
- %TEMP%\minecraftlauncher\pistonstaging\9142c943f1a2dacd0726bb7487f4ec9edc01f4ca
- %TEMP%\minecraftlauncher\pistonstaging\f138a577c7d1d681d22e3c001fa4731c667f14b8
- %TEMP%\minecraftlauncher\pistonstaging\f8bef9d34dacfc34c5a8772570d31d27a19869d0
- %TEMP%\minecraftlauncher\pistonstaging\cbd4990b3b6dc6f1f168a8d710980fbf19e49222
- %TEMP%\minecraftlauncher\pistonstaging\70c39df950c6a0c2db5396bb9bc8070abf98ac03
- %TEMP%\minecraftlauncher\pistonstaging\e22a9a3f57204407ad3eacab0f320aba92b79a5b
- %TEMP%\minecraftlauncher\pistonstaging\e4f6a5221ef853e4480c317bb8a0ca18e7311d05
- %TEMP%\minecraftlauncher\pistonstaging\70c132726600a4c640c627d36fb01d8fa2c499f4
- %TEMP%\minecraftlauncher\pistonstaging\81bb7dbd212fbc760162b96da229b39516d1e25f
- %TEMP%\minecraftlauncher\pistonstaging\d90c04e54c127a98b1f4e9e1061786162e5f6946
- %WINDIR%\temp\cabef1f.tmp
- %TEMP%\minecraftlauncher\pistonstaging\1ad557cecf3d54a5fbe471ceab189d344fef347c
- %TEMP%\minecraftlauncher\pistonstaging\2da1b18943265f473f6b87b63132dbb2398ff487
- %TEMP%\minecraftlauncher\pistonstaging\5dd39b6a04c7831f1339902f8ce452da85b5aa20
- %TEMP%\minecraftlauncher\pistonstaging\8f157cc1ab1c18bf47305543b149604797cd6587
- %APPDATA%\.minecraft\updatelog.txt
- %TEMP%\minecraftlauncher.exe.tmp
- %WINDIR%\temp\taref20.tmp
- %APPDATA%\.minecraft\launcher_log.txt
- %TEMP%\minecraftlauncher\pistonstaging\229367ac0be0a2da9d6338cba6f45c07f790140c
- %TEMP%\updatelog.txt
- %TEMP%\tools\nativeupdater.exe
- %TEMP%\tmp\tmplauncher.tmp
- <Текущая директория>\nativelog.txt
- %TEMP%\minecraft - copy.exe
- %TEMP%\aut192c.tmp
- %TEMP%\minecraftlauncher.exe
- %TEMP%\minecraftlauncher\pistonstaging\b36ec3c3b20a7a06ff282d696f12b51904b073a4
- %TEMP%\minecraftlauncher\pistonstaging\a9b321d3a1ac30e003baca2e4fb5c984137b17bb
- %TEMP%\minecraftlauncher\pistonstaging\e6e37e19a04a55944bdfba6f9359bbe0ea8402fc
- %TEMP%\minecraftlauncher\pistonstaging\fb5af43ba527f0b03f6e5db0dba870df7acecf77
- %TEMP%\minecraftlauncher\pistonstaging\a000ac66ef525e08decc62f37bfb0dd031fd8790
- %TEMP%\minecraftlauncher\pistonstaging\225d5eee935c42f2668686ed8c6cf9d81686ed65
- %TEMP%\minecraftlauncher\pistonstaging\2a0014e819249bc202b34a80d1c04496c83d924d
- %TEMP%\minecraftlauncher\pistonstaging\39d5477aad201ab6d305fe1a466f9692646033a1
- %TEMP%\minecraftlauncher\pistonstaging\82212a642c90b51b8f67e517ee8782da841b658f
- %TEMP%\minecraftlauncher\pistonstaging\d0efd685c081a591ae86599b2688ecb7a5ff2c17
- %TEMP%\minecraftlauncher\pistonstaging\82018633a3a2bfcfd4afa8e74e4530bc57035748
- %TEMP%\minecraftlauncher\pistonstaging\4b7c0aadbea7408dc6b88722ac1c9e02cc94cb97
- %TEMP%\minecraftlauncher\pistonstaging\35a30ef5ad3f9dd412d6a161e187a27b097e6dbd
- %TEMP%\minecraftlauncher\pistonstaging\5f0781c07f41bf591b6af843e0195510666ccb7a
- %TEMP%\minecraftlauncher\pistonstaging\0ee3d65026be39be442967545df4c1c95490040b
- %TEMP%\minecraftlauncher\pistonstaging\a61f5ce476f65c9d9a8c0bfcee73a4555568140b
- %TEMP%\minecraftlauncher\pistonstaging\a29dee681aac5a851bcec0edc8f859aadd37e8eb
- %TEMP%\minecraftlauncher\pistonstaging\b7cb43366c3afc11eeca9e25b7577bb91fa84ee9
- %TEMP%\minecraftlauncher\pistonstaging\91b918c8d9c842535c006cad51fef1f7a4df3df4
- %TEMP%\minecraftlauncher\pistonstaging\a3d60c190e97fc3e45d2de6ef0abf31c13393ed1
- %TEMP%\minecraftlauncher\pistonstaging\cd3b444ec31e78c7bef960f91548de1e1f2ae487
- %TEMP%\minecraftlauncher\pistonstaging\b123c9943a7f7046626481daf7ad5f905593fe39
- %TEMP%\minecraftlauncher\pistonstaging\6f0db2ff20097e53c4cf83a97aeb30fd97cf38e8
Удаляет следующие файлы
- %TEMP%\autd39.tmp
- %TEMP%\aut192c.tmp
- %WINDIR%\temp\cabef1f.tmp
- %WINDIR%\temp\taref20.tmp
Перемещает следующие файлы
- %TEMP%\tmp\tmplauncher.tmp в %TEMP%\minecraftlauncher.exe
- %TEMP%\minecraftlauncher.exe в %TEMP%\minecraftlauncher.exe.backup
Подменяет следующие файлы
- %TEMP%\minecraftlauncher.exe
Сетевая активность
Подключается к
- 'la#####rmeta.mojang.com':80
- 'la####er.mojang.com':443
- 'x.##2.us':80
- 'o.##2.us':80
- 'oc##.###tg2.amazontrust.com':80
- 'oc##.####ca1.amazontrust.com':80
- 'la#####rmeta.mojang.com':443
- 'localhost':49188
- 'localhost':49190
- 'localhost':49193
TCP
Запросы HTTP GET
- http://la#####rmeta.mojang.com/mc/launcher.json
- http://x.##2.us/x.cer
- http://o.##2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
- http://oc##.###tg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
- http://oc##.####ca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
Другие
- 'la####er.mojang.com':443
- 'la#####rmeta.mojang.com':443
- 'localhost':49188
- 'localhost':49190
- 'localhost':49191
- 'localhost':49193
- 'localhost':49194
UDP
- DNS ASK la#####rmeta.mojang.com
- DNS ASK la####er.mojang.com
- DNS ASK x.##2.us
- DNS ASK o.##2.us
- DNS ASK oc##.###tg2.amazontrust.com
- DNS ASK oc##.####ca1.amazontrust.com
Другое
Создает и запускает на исполнение
- '%TEMP%\minecraftlauncher.exe'
- '%TEMP%\tools\nativeupdater.exe' MinecraftLauncher.exe C:/Users/user/AppData/Local/Temp/tmp/tmpLauncher.tmp --nativeLauncherVersion 1321
- '%TEMP%\tools\nativeupdater.exe' MinecraftLauncher.exe MinecraftLauncher.exe.tmp --nativeLauncherVersion 1321 --nativeLauncherVersion 659 --nativeLauncherVersion 659
- '%TEMP%\minecraftlauncher.exe' --nativeLauncherVersion 1321 --nativeLauncherVersion 659 --nativeLauncherVersion 659
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\MinecraftLauncher.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\Minecraft - Copy.exe' (со скрытым окном)
Запускает на исполнение
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\MinecraftLauncher.exe
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\Minecraft - Copy.exe
