Техническая информация
- %WINDIR%\Tasks\At1.job
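- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы Schedule; то же задаёт команда sc.exe config schedule start= auto ниже)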
- C:\RECYCLER\123\123.vbs
- C:\RECYCLER\123\123.vbs (загружен из сети Интернет)
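- <SYSTEM32>\wbem\wmic.exe process call create 'At 13:43 cmd /c schtasks /create /RU aierwl /RP Aerwl578878142 /tn AL1 /tr C:\RECYCLER\123\zhuce.bat /sc ONCE /st 13:44:00' (имя учётной записи и пароль задания переданы в командной строке открытым текстом; та же команда schtasks повторяется в следующей строке через at.exe)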
- <SYSTEM32>\at.exe 13:43 cmd /c schtasks /create /RU aierwl /RP Aerwl578878142 /tn AL1 /tr C:\RECYCLER\123\zhuce.bat /sc ONCE /st 13:44:00
- <SYSTEM32>\cmd.exe /c C:\RECYCLER\123\zhuce.bat
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\sc.exe start schedule
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- C:\RECYCLER\123\krnln.fne
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp3.tmp
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\lyzck[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zhuce[1].bat
- C:\RECYCLER\123\123.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\123[1].vbs
- C:\RECYCLER\123\update.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\update[1].exe
- C:\RECYCLER\123\zhuce.bat
- %TEMP%\tmp3.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
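- '60.##.168.26':80 (второй октет адреса в источнике заменён символами ##, поэтому для точного сопоставления индикатор неполон)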
- 'localhost':1035
- 60.##.168.26/zdgx/dat/update.exe
- 60.##.168.26/zdgx/dat/lyzck.dat
- 60.##.168.26/zdgx/dat/123.vbs
- 60.##.168.26/zdgx/dat/zhuce.bat