Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы «Планировщик заданий»)
- C:\RECYCLER\123\123.vbs
- C:\RECYCLER\123\123.vbs (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c C:\RECYCLER\123\zhuce.bat
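- <SYSTEM32>\wbem\wmic.exe process call create 'At 13:22 cmd /c schtasks /create /RU aierwl /RP Aerwl578878142 /tn AL1 /tr C:\RECYCLER\123\zhuce.bat /sc ONCE /st 13:23:00' (через WMI запускается команда at, которая в 13:22 выполняет schtasks и регистрирует одноразовое задание AL1: запуск zhuce.bat в 13:23:00 от имени учётной записи из параметра /RU; имя и пароль учётной записи указаны прямо в командной строке)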
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\sc.exe start schedule
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\lyzck[1].dat
- C:\RECYCLER\123\update.exe
- C:\RECYCLER\123\krnln.fne
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- C:\RECYCLER\123\123.vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\123[1].vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\zhuce[1].bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\update[1].exe
- C:\RECYCLER\123\zhuce.bat
- %TEMP%\tmp1.tmp
- '60.##.168.26':80 (второй октет адреса в описании заменён символами ##, поэтому индикатор неполный)
- 'localhost':1035
- 60.##.168.26/zdgx/dat/update.exe
- 60.##.168.26/zdgx/dat/lyzck.dat
- 60.##.168.26/zdgx/dat/123.vbs
- 60.##.168.26/zdgx/dat/zhuce.bat