Техническая информация
- '%TEMP%\afolder\wget.exe' /pid=3520
- '%TEMP%\afolder\wget.exe' /pid=1592
- '%TEMP%\afolder\wget.exe' /pid=3600
- '%TEMP%\afolder\wget.exe' /pid=3760
- '%TEMP%\afolder\wget.exe' /pid=3680
- '%TEMP%\afolder\wget.exe' /pid=3420
- '%TEMP%\afolder\wget.exe' /pid=2972
- '%TEMP%\afolder\wget.exe' --server-response --spider --quiet "http://ja###l.sun.com/webapps/download/AutoDL?Bu############"
- '%TEMP%\afolder\wget.exe' /pid=3056
- '%TEMP%\afolder\wget.exe' /pid=3300
- '%TEMP%\afolder\wget.exe' /pid=3140
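- '<SYSTEM32>\attrib.exe' --server-response --spider --quiet "http://ja###l.sun.com/webapps/download/AutoDL?Bu############" [note: these arguments are the same wget options recorded for wget.exe above, not attrib.exe switches; the image name and command line in this record may be mismatched, so verify both fields before using this line as a detection pattern]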
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\attrib.exe
- %TEMP%\ztmp\tmp8355.bat
- %TEMP%\ztmp\tmp1025.exe
- %TEMP%\afolder\unzip.exe
- %TEMP%\afolder\wget.exe
- 'ja###l.sun.com':80
- DNS ASK ja###l.sun.com