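Technical Information

The entries below appear to be behavioural indicators for a single sample: file-system paths, a network endpoint with the HTTP request sent to it, and the command lines of launched processes. The sub-headings that would label each group are absent from this copy, and the `#` characters in the IP address and URL appear to be masking rather than part of the values, so those two entries cannot be used as exact-match indicators. The `schtasks` lines show the persistence mechanism: a task named "ERGVRDVMSK" is created to run every 3 minutes at the highest run level, and its target is an executable whose file name is only `.exe`, in an %ALLUSERSPROFILE% folder named after the Windows utility SystemPropertiesDataExecutionPrevention.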
- <SYSTEM32>\tasks\ergvrdvmsk
- %ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe
- %TEMP%\tmp709d.tmp.bat
- nul
- %ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe
- '18#.#72.128.11':80
- http://18#.#72.128.11//zima.php?mi######
- '%ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe'
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe"' (with hidden window)
- '%ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp709D.tmp.bat""
- '<SYSTEM32>\timeout.exe' 3
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe"
- '<SYSTEM32>\schtasks.exe' /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe"
- '<SYSTEM32>\taskeng.exe' {EE2A7748-E992-44CB-9C48-CA308A23F79A} S-1-5-21-1238866942-1249195528-555854008-1000:gfmgsqpiziqa\user:Interactive:[1]