Technical Information
- <SYSTEM32>\tasks\update\google
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "<Full path to file>" "<File name>.exe" ENABLE
- %TEMP%\update.exe
- %TEMP%\a88888.xml
- %TEMP%\tmp8111.tmp
- %TEMP%\a88888.xml
- %TEMP%\tmp8111.tmp
- http://ap#.#pify.org/?fo###########
- DNS ASK ap#.#pify.org
- DNS ASK cr###ex.me.uk
- DNS ASK a3##########.#eploy.static.akamaitechnologies.info
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\Google" /XML "%TEMP%\a88888.xml" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C more %TEMP%\tmp8111.tmp > <Full path to file>:Zone.Identifier (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "<Full path to file>" "<File name>.exe" ENABLE (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\Google" /XML "%TEMP%\a88888.xml"
- '%WINDIR%\syswow64\cmd.exe' /C more %TEMP%\tmp8111.tmp > <Full path to file>:Zone.Identifier
- '%WINDIR%\syswow64\more.com' %TEMP%\tmp8111.tmp