Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%APPDATA%\WindowsUpdate.exe'
- <Full path to file>
- <SYSTEM32>\tasks\update\chrome
- hidden files
- %WINDIR%\syswow64\cmd.exe
- %APPDATA%\mozilla\firefox\profiles.ini
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %TEMP%\chrome.txt
- %TEMP%\tmpbba2.tmp
- %TEMP%\1867055086.xml
- %TEMP%\1021652079.xml
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\policy.vpol
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\3ccd5499-87a8-4b10-a215-608888dd3b55.vsch
- %PROGRAMDATA%\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\2f1a6504-0641-44cf-8bb5-3612d865f2e5.vsch
- %TEMP%\tmpd2d5.tmp
- %LOCALAPPDATA%\microsoft\vault\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\policy.vpol
- %TEMP%\holderwb.txt
- %TEMP%\7797385.xml
- %TEMP%\711243806.xml
- %TEMP%\1077993742.xml
- %TEMP%\tmpfc48.tmp
- %TEMP%\tmpfd33.tmp
- %TEMP%\tmpfd83.tmp
- %TEMP%\tmpfdf1.tmp
- %TEMP%\811327246.xml
- %TEMP%\tmp758.tmp
- %TEMP%\923723921.xml
- %TEMP%\537401704.xml
- %TEMP%\350129950.xml
- %TEMP%\tmp1d62.tmp
- %TEMP%\569494109.xml
- %TEMP%\1131477484.xml
- %TEMP%\tmpa79c.tmp
- %APPDATA%\windowsupdate.exe
- %TEMP%\tmp975f.tmp
- %TEMP%\1995998008.xml
- %APPDATA%\data.bin
- %TEMP%\sysinfo.txt
- %APPDATA%\windows update.exe
- %TEMP%\1609675791.xml
- %TEMP%\748310638.xml
- %APPDATA%\pid.txt
- %APPDATA%\pidloc.txt
- %TEMP%\1746035073.xml
- %TEMP%\1790647602.xml
- %TEMP%\tmp1f47.tmp
- %TEMP%\tmpee6c.tmp
- %TEMP%\1935878097.xml
- %TEMP%\tmp5afe.tmp
- %TEMP%\1306397227.xml
- %TEMP%\2137786481.xml
- %TEMP%\tmp6ffe.tmp
- %TEMP%\1840521209.xml
- %TEMP%\2020870143.xml
- %TEMP%\tmp7f9f.tmp
- %TEMP%\tmp879f.tmp
- %TEMP%\168703375.xml
- %TEMP%\318621646.xml
- %TEMP%\1021613303.xml
- %TEMP%\1072109787.xml
- %TEMP%\tmp2061.tmp
- %APPDATA%\windows update.exe
- %TEMP%\1021613303.xml
- %TEMP%\923723921.xml
- %TEMP%\811327246.xml
- %TEMP%\7797385.xml
- %TEMP%\1077993742.xml
- %TEMP%\1867055086.xml
- %TEMP%\1021652079.xml
- %TEMP%\holderwb.txt
- %TEMP%\569494109.xml
- %TEMP%\1131477484.xml
- %TEMP%\318621646.xml
- %TEMP%\168703375.xml
- %TEMP%\2020870143.xml
- %TEMP%\1840521209.xml
- %TEMP%\1306397227.xml
- %TEMP%\1072109787.xml
- %TEMP%\711243806.xml
- %TEMP%\1935878097.xml
- %TEMP%\1790647602.xml
- %TEMP%\748310638.xml
- %APPDATA%\data.bin
- %TEMP%\1609675791.xml
- %TEMP%\1995998008.xml
- <SYSTEM32>\tasks\update\chrome
- %TEMP%\350129950.xml
- %TEMP%\537401704.xml
- %APPDATA%\data.bin
- http://wh#####yipaddress.com/
- DNS ASK wh#####yipaddress.com
- DNS ASK ft#.###lalerting.gdn
- '%APPDATA%\windows update.exe'
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\369118130.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1774101355.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\537401704.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\350129950.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\923723921.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\811327246.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1077993742.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\7797385.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1021652079.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1867055086.xml"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\holderwb.txt"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\569494109.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1131477484.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\790845437.xml"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /stext "%TEMP%\holdermail.txt"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\168703375.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\2020870143.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1840521209.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1306397227.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1072109787.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\711243806.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1935878097.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1790647602.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\748310638.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1609675791.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1995998008.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1021613303.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update\chrome" /F
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\318621646.xml"
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\chrome" /XML "%TEMP%\1441885757.xml"