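Техническая информация
(Подзаголовки разделов в этом тексте не сохранились: ниже подряд идут файловые индикаторы, сетевые адреса и запросы, затем искомое окно и запущенные процессы. Повторяющиеся записи, вероятно, относятся к разным операциям. Символы «#» в доменах, IP-адресах и URL, по-видимому, скрывают часть символов, поэтому сопоставлять их с журналами нужно по сохранившимся фрагментам.)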
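- <SYSTEM32>\tasks\malayamaraupdate
  (файл задания планировщика; имя совпадает с задачей "MalayamaraUpdate", которую создаёт команда schtasks.exe в конце списка)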
- %TEMP%\nshce66.tmp
- %TEMP%\nshce68.tmp\inetc.dll
- %TEMP%\nshce67.tmp
- %TEMP%\file.txt
- %TEMP%\syncupd.exe
- %TEMP%\broomsetup.exe
- %APPDATA%\temp\task.bat
- %TEMP%\nshce67.tmp
- %TEMP%\nshce68.tmp\inetc.dll
- %TEMP%\syncupd.exe
- 'ap#.#pify.org':80
- '18#.#72.128.90':80
- '18#.#72.128.187':80
- '18#.#72.128.145':80
- http://ap#.#pify.org/?fo########
- http://18#.#72.128.90/cpa/ping.php?su##############
- http://18#.#72.128.187/ping.php?su#########
- http://18#.#72.128.145/15f649199f40275b/sqlite3.dll
- DNS ASK ap#.#pify.org
- ClassName: 'msctls_updown32' WindowName: ''
- '%TEMP%\syncupd.exe'
- '%TEMP%\broomsetup.exe'
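- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "%TEMP%\syncUpd.exe" & del "%ALLUSERSPROFILE%\*.dll"" & exit' (со скрытым окном)
  (команда зачистки следов: после паузы в 5 секунд удаляются syncUpd.exe из %TEMP% и все файлы *.dll из %ALLUSERSPROFILE%, поэтому к моменту разбора этих файлов на диске может уже не быть)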
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "%TEMP%\syncUpd.exe" & del "%ALLUSERSPROFILE%\*.dll"" & exit
- '%WINDIR%\syswow64\timeout.exe' /t 5
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "
- '%WINDIR%\syswow64\chcp.com' 1251
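- '%WINDIR%\syswow64\schtasks.exe' /create /tn "MalayamaraUpdate" /tr "'%TEMP%\Updater.exe'" /sc minute /mo 30 /F
  (закрепление в системе: задача запускает '%TEMP%\Updater.exe' каждые 30 минут; ключ /F создаёт задачу без запроса, даже если задача с таким именем уже есть. Файл Updater.exe в перечне файлов выше не указан. Для обнаружения полезно отслеживать создание заданий планировщика, у которых исполняемый файл расположен в %TEMP%.)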