Техническая информация
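- <SYSTEM32>\tasks\malayamaraupdate (файл задания Планировщика заданий; имя совпадает с задачей «MalayamaraUpdate», которую создаёт вызов schtasks.exe в конце списка, — это механизм закрепления в системе)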
- %TEMP%\nsv259a.tmp
- %TEMP%\nsl25ab.tmp\inetc.dll
- %TEMP%\broomsetup.exe
- %TEMP%\nsvfbd8.tmp
- %APPDATA%\temp\task.bat
- %TEMP%\nsl25ab.tmp\inetc.dll
- 'google.com':443
- 'pk#.goog':80
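- '18#.#72.128.90':80 (символы «#» в адресах и URL, по-видимому, скрывают часть значения; для точного сопоставления в журналах нужны полные значения из исходного отчёта)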
- '18#.#72.128.127':80
- '18#.#72.128.145':80
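- http://pk#.goog/gsr1/gsr1.crt (судя по пути, это загрузка файла сертификата; как и обращения к google.com, такой запрос сам по себе, вероятно, не указывает на заражение и не подходит в качестве индикатора компрометации)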
- http://18#.#72.128.90/cpa/ping.php?su###############
- http://18#.#72.128.127/syncUpd.exe
- http://18#.#72.128.127/ping.php?su##########
- 'google.com':443
- DNS ASK google.com
- DNS ASK pk#.goog
- ClassName: 'msctls_updown32' WindowName: ''
- '%TEMP%\broomsetup.exe'
- '%TEMP%\nsvfbd8.tmp'
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "
- '%WINDIR%\syswow64\chcp.com' 1251
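- '%WINDIR%\syswow64\schtasks.exe' /create /tn "MalayamaraUpdate" /tr "'%TEMP%\Updater.exe'" /sc minute /mo 30 /F (задача запускает %TEMP%\Updater.exe каждые 30 минут; ключ /F создаёт её принудительно, даже если задача с таким именем уже существует. Для обнаружения: отслеживать создание заданий Планировщика, у которых запускаемый файл находится в %TEMP%)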