Technical Information
- %WINDIR%\Tasks\Smart_scans.job
- %TEMP%\Cab3.tmp
- %TEMP%\Cab5.tmp
- %TEMP%\Cab1.tmp
- <Current directory>\Microsoft.Win32.TaskScheduler.dll
- %APPDATA%\Microsoft\pl-cr\1.0.0.0\pl-cr.exe
- <Full path to file>
- <Current directory>\Microsoft.Win32.TaskScheduler.dll
- %TEMP%\Cab5.tmp
- %TEMP%\Cab1.tmp
- %TEMP%\Cab3.tmp
- 'www.download.windowsupdate.com':80
- 'cr#.##modoca.com':80
- 'wp#d':80
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- http://cr#.##modoca.com/COMODORSACodeSigningCA.crt
- http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- http://11#.#11.111.1/wpad.dat via wp#d
- http://cr#.##modoca.com/COMODORSAAddTrustCA.crt
- DNS ASK www.download.windowsupdate.com
- DNS ASK cr#.##modoca.com
- DNS ASK wp#d
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 15000
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 25000
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 15000 > Nul & Del "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 25000 > Nul & Del "<Current directory>\Microsoft.Win32.TaskScheduler.dll"