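Technical Information
The entries below are observed file-system, network and process artifacts; the group labels for each list are not preserved on this page.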
- <SYSTEM32>\tasks\driver
- <SYSTEM32>\tasks\googleupdatetaskmachinecores
- <Current directory>\tes.bat
- %ALLUSERSPROFILE%\msocache\firststart.txt
- %WINDIR%\temp\cab982.tmp
- %WINDIR%\temp\tar983.tmp
- <Current directory>\tes.bat
- %WINDIR%\temp\cab982.tmp
- %WINDIR%\temp\tar983.tmp
- from <Full path to file> to %ALLUSERSPROFILE%\msocache\googleupdete.exe
- 'localhost':49174
- 'ap#.#yip.com':443
- 'microsoft.com':80
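- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (a Microsoft root-certificate download; probably routine certificate-chain retrieval by Windows rather than an indicator on its own)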
- 'localhost':49175
- 'ap#.#yip.com':443
- DNS ASK ap#.#yip.com
- DNS ASK microsoft.com
- '%ALLUSERSPROFILE%\msocache\googleupdete.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c tes.bat
- '%WINDIR%\syswow64\chcp.com' 1251
- '%WINDIR%\syswow64\attrib.exe' +H +S /D "%ALLUSERSPROFILE%\MSOCache\"
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /TN Driver /F /TR "%ALLUSERSPROFILE%\MSOCache\GoogleUpdete.exe"
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC MINUTE /TN GoogleUpdateTaskMachineCores /F /TR "%ALLUSERSPROFILE%\MSOCache\GoogleUpdete1.exe"
- '<SYSTEM32>\taskeng.exe' {9B276BD7-A4E5-416F-8A29-A447FFD2D052} S-1-5-21-1960123792-2022915161-3775307078-1001:gtasnqvnaugr\user:Interactive:[1]