Техническая информация
Для обеспечения автозапуска и распространения
Создает или изменяет следующие файлы
- <SYSTEM32>\tasks\c__yqypuo_<Имя файла>.exe
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\fast video cutter joiner.msi
- %TEMP%\shi6b77.tmp
- %TEMP%\msi74b0.tmp
- %TEMP%\msi8357.tmp
- %TEMP%\msi8d6a.tmp
- %TEMP%\ai_extui_bin_2388\dialog.jpg
- %TEMP%\ai_extui_bin_2388\completi
- %TEMP%\ai_extui_bin_2388\custicon
- %TEMP%\ai_extui_bin_2388\exclamic
- %TEMP%\ai_extui_bin_2388\info
- %TEMP%\ai_extui_bin_2388\insticon
- %TEMP%\ai_extui_bin_2388\removico
- %TEMP%\ai_extui_bin_2388\repairic
- %TEMP%\ai_extui_bin_2388\up
- %TEMP%\ai_extui_bin_2388\new
- %TEMP%\ai_extui_bin_2388\banner.jpg
- %TEMP%\ai_extui_bin_2388\tabback
- %TEMP%\ai_extui_bin_2388\cmdlinkarrow
- %TEMP%\ai_extui_bin_2388\dialog.scale125.jpg
- %TEMP%\ai_extui_bin_2388\banner.svg
- %TEMP%\ai_extui_bin_2388\lzmaextractor.dll
- %TEMP%\ai_extui_bin_2388\dialog.svg
- %TEMP%\ai_extui_bin_2388\banner.scale125.jpg
- %TEMP%\ai_extui_bin_2388\banner.scale150.jpg
- %TEMP%\ai_extui_bin_2388\banner.scale200.jpg
- %TEMP%\ai_extui_bin_2388\dialog.scale150.jpg
- %TEMP%\ai_extui_bin_2388\dialog.scale200.jpg
- %TEMP%\msi91ff.tmp
- %TEMP%\fast video cutter joiner\setup.exe
- %TEMP%\is-ial05.tmp\setup.tmp
- %TEMP%\is-f6usb.tmp\_isetup\_setup64.tmp
- %TEMP%\is-f6usb.tmp\zpost.dll
- %LOCALAPPDATA%\fast video cutter joiner\is-6l3k6.tmp
- %LOCALAPPDATA%\fast video cutter joiner\is-urkdk.tmp
- %LOCALAPPDATA%\fast video cutter joiner\is-65do3.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-lkghr.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-o0ok7.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-51sk8.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-vn2pk.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-fs4er.tmp
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-nv2s5.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-29hf1.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-a0iuh.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-iqt2b.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-7054m.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-cq0sm.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-idkhs.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-jgbe4.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-srcmi.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-t9590.tmp
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-mf3ee.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\fast video cutter joiner\fast video cutter joiner.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\fast video cutter joiner\fast video cutter joiner on the web.url
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\fast video cutter joiner\uninstall .lnk
- C:\users\public\desktop\fast video cutter joiner.lnk
- %LOCALAPPDATA%\fast video cutter joiner\options.ini
- %LOCALAPPDATA%\fast video cutter joiner\unins000.dat
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-69a9140a-11e8.pma
- %TEMP%\msi1067.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-69a91411-f88.pma
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\000002.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\manifest-000001
- %TEMP%\fast video cutter joiner1.cab
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000003.log
- %WINDIR%\temp\~df03a2b79a9b217f13.tmp
- %WINDIR%\installer\sourcehash{b4c1208b-4f3d-421c-9d31-d03c91d88df7}
- %WINDIR%\temp\~dfb478a8766c7200d6.tmp
- %WINDIR%\temp\~df0f5ea6b9e9b66e3d.tmp
- %WINDIR%\temp\~dfdce5ed89da545c93.tmp
- %WINDIR%\temp\~df6ad5780dbb9c9cf3.tmp
- %WINDIR%\temp\~dfd24aaf746bb365b2.tmp
- %WINDIR%\temp\~df23535fb8edffcb4e.tmp
- %WINDIR%\temp\~dfa256c808fed4da40.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\log
- %WINDIR%\systemtemp\scr5e93.ps1
- %WINDIR%\systemtemp\pss5ea4.ps1
- %LOCALAPPDATA%\microsoft\edge\user data\default\heavy_ad_intervention_opt_out.db-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\heavy_ad_intervention_opt_out.db
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\manifest-000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\000002.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\previews_opt_out.db-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\previews_opt_out.db
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor
- %LOCALAPPDATA%\microsoft\edge\user data\last browser
- %LOCALAPPDATA%\microsoft\edge\user data\default\preferredapps
- %LOCALAPPDATA%\microsoft\edge\user data\default\budgetdatabase\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\budgetdatabase\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\budgetdatabase\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000003.log
- %WINDIR%\systemtemp\pro5ec4.tmp
- %WINDIR%\temp\~dfa4e5c71301f9eb40.tmp
- %WINDIR%\temp\~df7a49b546ffa554a8.tmp
- %WINDIR%\temp\~df145321360de4f005.tmp
- %WINDIR%\temp\~df6125f54049927000.tmp
- %TEMP%\exe8e62.bat
- %TEMP%\exe8f9b.bat
Удаляет файлы, которые сам же создал
- %TEMP%\shi6b77.tmp
- %TEMP%\msi74b0.tmp
- %TEMP%\msi8357.tmp
- %TEMP%\msi8d6a.tmp
- %TEMP%\msi91ff.tmp
- <SYSTEM32>\tasks\c__yqypuo_<Имя файла>.exe
- %TEMP%\is-f6usb.tmp\zpost.dll
- %TEMP%\is-f6usb.tmp\_isetup\_setup64.tmp
- %TEMP%\is-ial05.tmp\setup.tmp
- %TEMP%\msi1067.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-69a9140a-11e8.pma
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-69a91411-f88.pma
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\manifest-000001
- %WINDIR%\systemtemp\pro5ec4.tmp
- %WINDIR%\systemtemp\pss5ea4.ps1
- %WINDIR%\systemtemp\scr5e93.ps1
- %TEMP%\fast video cutter joiner1.cab
- %TEMP%\fast video cutter joiner\setup.exe
- %TEMP%\ai_extui_bin_2388\dialog.jpg
- %TEMP%\ai_extui_bin_2388\completi
- %TEMP%\ai_extui_bin_2388\custicon
- %TEMP%\ai_extui_bin_2388\exclamic
- %TEMP%\ai_extui_bin_2388\info
- %TEMP%\ai_extui_bin_2388\insticon
- %TEMP%\ai_extui_bin_2388\removico
- %TEMP%\ai_extui_bin_2388\repairic
- %TEMP%\ai_extui_bin_2388\up
- %TEMP%\ai_extui_bin_2388\new
- %TEMP%\ai_extui_bin_2388\banner.jpg
- %TEMP%\ai_extui_bin_2388\tabback
- %TEMP%\ai_extui_bin_2388\cmdlinkarrow
- %TEMP%\ai_extui_bin_2388\dialog.scale125.jpg
- %TEMP%\ai_extui_bin_2388\banner.svg
- %TEMP%\ai_extui_bin_2388\lzmaextractor.dll
- %TEMP%\ai_extui_bin_2388\dialog.svg
- %TEMP%\ai_extui_bin_2388\banner.scale125.jpg
- %TEMP%\ai_extui_bin_2388\banner.scale150.jpg
- %TEMP%\ai_extui_bin_2388\banner.scale200.jpg
- %TEMP%\ai_extui_bin_2388\dialog.scale150.jpg
- %TEMP%\ai_extui_bin_2388\dialog.scale200.jpg
Перемещает следующие файлы
- %LOCALAPPDATA%\fast video cutter joiner\is-6l3k6.tmp в %LOCALAPPDATA%\fast video cutter joiner\unins000.exe
- %LOCALAPPDATA%\fast video cutter joiner\is-urkdk.tmp в %LOCALAPPDATA%\fast video cutter joiner\videocutjoin.exe
- %LOCALAPPDATA%\fast video cutter joiner\is-65do3.tmp в %LOCALAPPDATA%\fast video cutter joiner\options.ini
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-lkghr.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\dutch.isl
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-o0ok7.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\english.isl
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-51sk8.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\french.isl
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-vn2pk.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\italian.isl
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-fs4er.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\lug.idx
- %LOCALAPPDATA%\fast video cutter joiner\languages\is-nv2s5.tmp в %LOCALAPPDATA%\fast video cutter joiner\languages\spanish.isl
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-29hf1.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\avcodec-61.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-a0iuh.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\avdevice-61.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-iqt2b.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\avfilter-10.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-7054m.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\avformat-61.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-cq0sm.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\avutil-59.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-idkhs.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\readme-sdl.txt
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-jgbe4.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\sdl2.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-srcmi.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\soundtouch.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-t9590.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\swresample-5.dll
- %LOCALAPPDATA%\fast video cutter joiner\libav\is-mf3ee.tmp в %LOCALAPPDATA%\fast video cutter joiner\libav\swscale-8.dll
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\shared_proto_db\metadata\current
- %LOCALAPPDATA%\fast video cutter joiner\videocutjoin.exe в C:\config.msi\f25d2.rbf
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\budgetdatabase\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\budgetdatabase\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\current
Изменяет следующие файлы
- %LOCALAPPDATA%\microsoft\edge\user data\last version
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\site characteristics database\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data
- %LOCALAPPDATA%\microsoft\edge\user data\default\visited links
- %LOCALAPPDATA%\microsoft\edge\user data\default\history-journal
- %LOCALAPPDATA%\microsoft\tokenbroker\cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\history
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons
Подменяет следующие файлы
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG
- %LOCALAPPDATA%\fast video cutter joiner\videocutjoin.exe
Сетевая активность
Подключается к
- 'zx##007.com':80
- 'co####.edge.skype.com':443
- 'vi#####tterjoiner.com':443
- 'r1#.#.lencr.org':80
- 'x1.#.lencr.org':80
- 'si##.##ntabostorage.com':443
TCP
Запросы HTTP GET
- http://r1#.#.lencr.org/
- http://x1.#.lencr.org/
Запросы HTTP POST
- http://www.zx##007.com/c_tj_en/tosp.asp?id########################
Другие
- 'co####.edge.skype.com':443
- 'vi#####tterjoiner.com':443
- 'si##.##ntabostorage.com':443
UDP
- DNS ASK zx##007.com
- DNS ASK co####.edge.skype.com
- DNS ASK vi#####tterjoiner.com
- DNS ASK r1#.#.lencr.org
- DNS ASK x1.#.lencr.org
- DNS ASK si##.##ntabostorage.com
Другое
Ищет следующие окна
- ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\Microsoft\Edge\User Data'
Создает и запускает на исполнение
- '%TEMP%\fast video cutter joiner\setup.exe' /silent
- '%TEMP%\is-ial05.tmp\setup.tmp' /SL5="$90050,23020023,845824,%TEMP%\Fast Video Cutter Joiner\Setup.exe" /silent
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "%WINDIR%\SystemTemp\pss5EA4.ps1" -propFile "%WINDIR%\SystemTemp\msi5E82.txt" -scriptFile "%WINDIR%\SystemTemp\scr5E93.ps1" -scriptArgsF...
Запускает на исполнение
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --single-argument https://www.videocutterjoiner.com/
- '%WINDIR%\syswow64\msiexec.exe' /i "%TEMP%\Fast Video Cutter Joiner.msi" AI_SETUPEXEPATH=<Полный путь к файлу> SETUPEXEDIR=<Текущая директория>\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1772687407 " AI_EUIMSI="" ...
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --flag-switches-begin --flag-switches-end --do-not-de-elevate https://www.videocutterjoiner.com/ (со скрытым окном)
- '%ProgramFiles(x86)%\microsoft\edge\application\89.0.774.68\identity_helper.exe' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,14702029818636392619,13151357452506594364,131072 --lang=en-US --service-sandbox-type=none --mojo...
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\EXE8E62.bat" " (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\EXE8F9B.bat" " (со скрытым окном)
- '%WINDIR%\syswow64\attrib.exe' -r "\\?\%TEMP%\FASTVI~1.MSI"
- '%WINDIR%\syswow64\attrib.exe' -r "%TEMP%\EXE8E62.bat"
- '%WINDIR%\syswow64\attrib.exe' -r "%TEMP%\EXE8F9B.bat"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" del "%TEMP%\EXE8E62.bat" "
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" cls"
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" del "%TEMP%\EXE8F9B.bat" "
