Technical Information
- %WINDIR%\temp\caba5d0.tmp
- %WINDIR%\temp\tara5d1.tmp
- %ALLUSERSPROFILE%\tasksupport\taskstarter.exe
- %ALLUSERSPROFILE%\tasksupport\taskstarter.exe
- %WINDIR%\temp\caba5d0.tmp
- %WINDIR%\temp\tara5d1.tmp
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK pa###bin.com
- DNS ASK microsoft.com
- '%ALLUSERSPROFILE%\tasksupport\taskstarter.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport\TaskUpdater.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport\TaskStarter.exe (with hidden window)
- '%ALLUSERSPROFILE%\tasksupport\taskstarter.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport\TaskUpdater.exe
- '%WINDIR%\syswow64\cmd.exe' /c ATTRIB +h +s %ALLUSERSPROFILE%\TaskSupport\TaskStarter.exe
- '%WINDIR%\syswow64\attrib.exe' +h +s %ALLUSERSPROFILE%\TaskSupport\TaskUpdater.exe
- '%WINDIR%\syswow64\attrib.exe' +h +s %ALLUSERSPROFILE%\TaskSupport
- '%WINDIR%\syswow64\attrib.exe' +h +s %ALLUSERSPROFILE%\TaskSupport\TaskStarter.exe