Technical Information — observed artifacts, in order: scheduled-task definitions and file paths (the task and file names reuse the names of the legitimate Windows processes explorer.exe, spoolsv.exe and smss.exe, but the files sit in non-standard locations such as C:\MSOCache\All Users and System32 subfolders, which is how they can be told apart from the genuine binaries); network endpoints, a request URL and DNS lookups (`#` characters are redacted; `<SYSTEM32>` stands for the Windows system directory); and the persistence commands executed — schtasks /create with /sc ONLOGON and /rl HIGHEST, i.e. run at every logon with the highest available privileges, /f forcing overwrite of any task with the same name.
- <SYSTEM32>\tasks\explorer
- <SYSTEM32>\tasks\spoolsv
- <SYSTEM32>\tasks\smss
- C:\msocache\all users\explorer.exe
- C:\msocache\all users\7a0fd90576e08807bde2cc57bcf9854bbce05fe3
- <SYSTEM32>\unimdm\spoolsv.exe
- <SYSTEM32>\unimdm\f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
- <SYSTEM32>\kbdinuk2\spoolsv.exe
- <SYSTEM32>\kbdinuk2\f3b6ecef712a24f33798f5d2fb3790c3d9b894c4
- <SYSTEM32>\tssrvlic\smss.exe
- <SYSTEM32>\tssrvlic\69ddcba757bf72f7d36c464c71f42baab150b2b9
- 'ce####5.tmweb.ru':80
- 'vh###.timeweb.ru':443
- http://ce####5.tmweb.ru/VideojsbigloadUniversaltrack.php?J0###############################################################################################################################
- DNS ASK ce####5.tmweb.ru
- DNS ASK vh###.timeweb.ru
- '<SYSTEM32>\tssrvlic\smss.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'C:\MSOCache\All Users\explorer.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "spoolsv" /sc ONLOGON /tr "'<SYSTEM32>\unimdm\spoolsv.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "spoolsv" /sc ONLOGON /tr "'<SYSTEM32>\KBDINUK2\spoolsv.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "smss" /sc ONLOGON /tr "'<SYSTEM32>\tssrvlic\smss.exe'" /rl HIGHEST /f