Technical Information (artifacts observed during analysis of the sample)

The entries below are a flat list of file paths, network indicators and command lines recorded while the sample ran; they are grouped by type rather than labelled: scheduled-task files under `<SYSTEM32>\tasks`, browser/Steam credential and configuration files that were accessed (Chrome cookies, login data and web data; Opera login data; Steam config.vdf), files created, network activity, and processes and `schtasks` commands launched. Note that the dropped executables reuse the names of Windows system processes (smss.exe, csrss.exe, lsass.exe, wininit.exe, lsm.exe, audiodg.exe, System.exe) but live outside `<SYSTEM32>` in locations such as `%WINDIR%\Cursors`, `C:\MSOCache`, `C:\Recovery`, the user's `Links`/`My Documents` folders and third-party program directories; when hunting, match on the full image path and the `/rl HIGHEST` `ONLOGON`/`MINUTE` task definitions rather than on the process name alone.
- <SYSTEM32>\tasks\smsss
- <SYSTEM32>\tasks\wininitw
- <SYSTEM32>\tasks\lsm
- <SYSTEM32>\tasks\audiodga
- <SYSTEM32>\tasks\firefoxf
- <SYSTEM32>\tasks\firefox
- <SYSTEM32>\tasks\systems
- <SYSTEM32>\tasks\lsml
- <SYSTEM32>\tasks\audiodg
- <SYSTEM32>\tasks\iexplore
- <SYSTEM32>\tasks\lsass
- <SYSTEM32>\tasks\iexplorei
- <SYSTEM32>\tasks\lsassl
- <SYSTEM32>\tasks\csrssc
- <SYSTEM32>\tasks\csrss
- <SYSTEM32>\tasks\smss
- <SYSTEM32>\tasks\system
- <SYSTEM32>\tasks\wininit
- %ProgramFiles(x86)%\steam\config\config.vdf
- %ProgramFiles(x86)%\steam\config\dialogconfig.vdf
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %APPDATA%\opera software\opera stable\login data
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %ProgramFiles(x86)%\windows sidebar\en-us\smss.exe
- %TEMP%\cac4a5005aa358255ffc10355c3921b722312b64.exe
- %TEMP%\4b5bba03-943d-4da2-aabd-01f66df15e5d.vbs
- %TEMP%\sp6zcfvoyo
- %TEMP%\1jioqkhpjr
- %TEMP%\teyvptkupy
- %TEMP%\xivzozaqcp
- %TEMP%\qp7ugs19sm
- %HOMEPATH%\links\56085415360792
- %TEMP%\5430457f-13fe-465f-8e5b-002a2d5d84fa.vbs
- %TEMP%\pbe7htnj90
- %TEMP%\9ztstsz5lk
- %TEMP%\nzcd3ktdpg
- %TEMP%\xpimpjimzc
- %TEMP%\3ut74avqdb
- %TEMP%\nt8so2fhhs
- %TEMP%\meubbu0gdu
- %TEMP%\tmfircgfi3
- %TEMP%\k0w4afyxtm
- %TEMP%\sikbt67ahz
- %HOMEPATH%\links\wininit.exe
- C:\far2\pluginsdk\headers.pas\42af1c969fbb7b
- C:\far2\pluginsdk\headers.pas\audiodg.exe
- %HOMEPATH%\my documents\csrss.exe
- %HOMEPATH%\my documents\886983d96e3d3e
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\lsass.exe
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\6203df4a6bafc7
- %ProgramFiles%\rescue\iexplore.exe
- %ProgramFiles%\rescue\9db6e019d4f04e
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\886983d96e3d3e
- %ProgramFiles(x86)%\windows sidebar\en-us\69ddcba757bf72
- %ProgramFiles(x86)%\steam\firefox.exe
- %WINDIR%\cursors\audiodg.exe
- %WINDIR%\cursors\42af1c969fbb7b
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\lsm.exe
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\101b941d020240
- C:\users\public\recorded tv\sample media\system.exe
- C:\users\public\recorded tv\sample media\27d1bcfc3c54e0
- C:\far2\documentation\eng\firefox.exe
- C:\far2\documentation\eng\0fc223bdacedc3
- %ProgramFiles(x86)%\steam\0fc223bdacedc3
- %TEMP%\ynzo2eqphw
- %TEMP%\ebegaz91gk
- %TEMP%\sp6zcfvoyo
- %TEMP%\tmfircgfi3
- %TEMP%\meubbu0gdu
- %TEMP%\nt8so2fhhs
- %TEMP%\3ut74avqdb
- %TEMP%\xpimpjimzc
- %TEMP%\nzcd3ktdpg
- %TEMP%\ynzo2eqphw
- %TEMP%\9ztstsz5lk
- %TEMP%\k0w4afyxtm
- %TEMP%\pbe7htnj90
- %TEMP%\qp7ugs19sm
- %TEMP%\xivzozaqcp
- %TEMP%\teyvptkupy
- %TEMP%\1jioqkhpjr
- %TEMP%\sikbt67ahz
- %TEMP%\ebegaz91gk
- '99###.##month.nyashteam.ru':80
- http://99###.##month.nyashteam.ru/nyashsupport.php?2E############################################################################################################################################...
- http://99###.##month.nyashteam.ru/nyashsupport.php?BL############################################################################################################################################...
- DNS ASK 99###.##month.nyashteam.ru
- '%WINDIR%\cursors\audiodg.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\5430457f-13fe-465f-8e5b-002a2d5d84fa.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\4b5bba03-943d-4da2-aabd-01f66df15e5d.vbs"
- '%WINDIR%\cursors\audiodg.exe' ' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /tn "smsss" /sc MINUTE /mo 11 /tr "'%ProgramFiles(x86)%\Windows Sidebar\en-US\smss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsml" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\lsm.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsm" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsml" /sc MINUTE /mo 9 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\lsm.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemS" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Recorded TV\Sample Media\System.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "System" /sc ONLOGON /tr "'C:\Users\Public\Recorded TV\Sample Media\System.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodg" /sc ONLOGON /tr "'%WINDIR%\Cursors\audiodg.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodga" /sc MINUTE /mo 13 /tr "'%WINDIR%\Cursors\audiodg.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "SystemS" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Recorded TV\Sample Media\System.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 8 /tr "'C:\Far2\Documentation\eng\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodga" /sc MINUTE /mo 10 /tr "'C:\Far2\PluginSDK\Headers.pas\audiodg.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodg" /sc ONLOGON /tr "'C:\Far2\PluginSDK\Headers.pas\audiodg.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodga" /sc MINUTE /mo 14 /tr "'C:\Far2\PluginSDK\Headers.pas\audiodg.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininitw" /sc MINUTE /mo 8 /tr "'%HOMEPATH%\Links\wininit.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 14 /tr "'C:\Far2\Documentation\eng\firefox.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefox" /sc ONLOGON /tr "'C:\Far2\Documentation\eng\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "audiodga" /sc MINUTE /mo 6 /tr "'%WINDIR%\Cursors\audiodg.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 12 /tr "'%ProgramFiles(x86)%\Steam\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefox" /sc ONLOGON /tr "'%ProgramFiles(x86)%\Steam\firefox.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "smsss" /sc MINUTE /mo 12 /tr "'%ProgramFiles(x86)%\Windows Sidebar\en-US\smss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'%HOMEPATH%\My Documents\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'%HOMEPATH%\My Documents\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'%HOMEPATH%\My Documents\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\lsass.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsass" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "smss" /sc ONLOGON /tr "'%ProgramFiles(x86)%\Windows Sidebar\en-US\smss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "lsassl" /sc MINUTE /mo 7 /tr "'C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\lsass.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplore" /sc ONLOGON /tr "'%ProgramFiles%\Rescue\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 8 /tr "'%ProgramFiles%\Rescue\iexplore.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\csrss.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "firefoxf" /sc MINUTE /mo 8 /tr "'%ProgramFiles(x86)%\Steam\firefox.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "iexplorei" /sc MINUTE /mo 12 /tr "'%ProgramFiles%\Rescue\iexplore.exe'" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininit" /sc ONLOGON /tr "'%HOMEPATH%\Links\wininit.exe'" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'%HOMEPATH%\Links\wininit.exe'" /rl HIGHEST /f