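Техническая информация
Ниже перечислены артефакты образца без исходных подзаголовков: пути в папке автозагрузки и файл задания планировщика, командные строки процессов (включая создание задания IDManUpdater, которое каждые 50 минут запускает mshta.exe с файлом C:\IDM\IDMan.DB), пути к файлам, сетевые адреса с портами, DNS-запросы и имена классов окон. Символы «###» в именах доменов, по-видимому, скрывают часть имени; полные значения на странице не приведены.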
- %HOMEPATH%\Start Menu\Programs\Startup\windows.jse
- %WINDIR%\Tasks\IDManUpdater.job
- %HOMEPATH%\Start Menu\Programs\Startup\explorer.lnk
- '<SYSTEM32>\schtasks.exe' /Create /Sc MINUTE /mo 50 /tn IDManUpdater /tr "<SYSTEM32>\mshta.exe C:\IDM\IDMan.DB"
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "C:\Sp\q.doc"
- '<SYSTEM32>\mshta.exe' C:\IDM\IDMan.DB
- '<SYSTEM32>\cmd.exe' /S /D /c" Echo Y"
- '<SYSTEM32>\cmd.exe' /c C:\Sp\q.doc
- '<SYSTEM32>\cmd.exe' /c mshta.exe C:\IDM\IDMan.DB
- '<SYSTEM32>\cmd.exe' /c Echo Y| SCHTASKS /Create /Sc MINUTE /mo 50 /tn IDManUpdater /tr "<SYSTEM32>\mshta.exe C:\IDM\IDMan.DB"
- C:\IDM\IDMan.DB
- C:\Sp\q.doc
- 'localhost':1040
- 'ma###0.spdns.eu':3030
- 'localhost':1037
- 'da###.gleeze.com':3030
- DNS ASK ma###0.spdns.eu
- DNS ASK da###.gleeze.com
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''