Technical Information
- <SYSTEM32>\tasks\ergvrdvmsk
- %ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe
- %TEMP%\tmp6e0e.tmp.bat
- nul
- %ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe
- '18#.#72.128.11':80
- http://18#.#72.128.11//zima.php?mi######
- '%ALLUSERSPROFILE%\systempropertiesdataexecutionprevention\.exe'
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp6E0E.tmp.bat""
- '<SYSTEM32>\timeout.exe' 3
- '<SYSTEM32>\cmd.exe' /c schtasks /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe"
- '<SYSTEM32>\schtasks.exe' /create /f /sc MINUTE /mo 3 /RL HIGHEST /tn "ERGVRDVMSK" /tr "%ALLUSERSPROFILE%\SystemPropertiesDataExecutionPrevention\.exe"