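Technical Information
The entries below are, in order: file-system paths, network endpoints (address:port), HTTP URLs, a window lookup, and process command lines. The headings that would normally label each group are missing from this copy, so the action behind each file path (created, modified or deleted) is not stated here. The '#' characters in the addresses and URLs appear to be masking applied by the publisher rather than literal characters, so these values cannot be used as exact-match indicators as written.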
- <SYSTEM32>\tasks\malayamaraupdate
- %TEMP%\u1k0.0.exe
- %TEMP%\u1k0.1.exe
- %APPDATA%\temp\task.bat
- '18#.#72.128.90':80
- '5.##.64.33':80
- '18#.#72.128.109':80
- '18#.#72.128.79':80
- http://18#.#72.128.90/cpa/ping.php?su#################
- http://5.##.64.33/syncUpd.exe
- http://5.##.64.33/ping.php?su######
- http://18#.#72.128.109/BroomSetup.exe
- ClassName: 'msctls_updown32' WindowName: ''
- '%TEMP%\u1k0.0.exe'
- '%TEMP%\u1k0.1.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\Temp\Task.bat" "
- '%WINDIR%\syswow64\chcp.com' 1251
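- '%WINDIR%\syswow64\schtasks.exe' /create /tn "MalayamaraUpdate" /tr "'%TEMP%\Updater.exe'" /sc minute /mo 30 /F
  Note: this command registers a scheduled task named "MalayamaraUpdate" that runs %TEMP%\Updater.exe every 30 minutes (/sc minute /mo 30); /F overwrites any existing task of that name. The <SYSTEM32>\tasks\malayamaraupdate entry at the top of the list corresponds to the on-disk file for this task. %TEMP%\Updater.exe itself does not appear among the listed file paths. For detection, look for schtasks.exe /create with a /tr target under %TEMP%, and for task-registration events (Security event 4698 when object-access auditing is enabled, or TaskScheduler/Operational event 106).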