Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы планировщика заданий)
- C:\RECYCLER\123\123.vbs
- C:\RECYCLER\123\123.vbs (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c C:\RECYCLER\123\zhuce.bat
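- <SYSTEM32>\wbem\wmic.exe process call create 'At 16:50 cmd /c schtasks /create /RU aierwl /RP Aerwl578878142 /tn AL1 /tr C:\RECYCLER\123\zhuce.bat /sc ONCE /st 16:51:00' (через at и schtasks создаётся однократное задание AL1 для запуска zhuce.bat от имени учётной записи aierwl; имя и пароль учётной записи заданы прямо в командной строке)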
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\sc.exe start schedule
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\update[1].exe
- C:\RECYCLER\123\zhuce.bat
- C:\RECYCLER\123\update.exe
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- C:\RECYCLER\123\krnln.fne
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\lyzck[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\123[1].vbs
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\zhuce[1].bat
- C:\RECYCLER\123\123.vbs
- %TEMP%\tmp1.tmp
- '60.##.168.26':80 (здесь и в адресах ниже часть IP-адреса скрыта символами ##)
- 'localhost':1035
- 60.##.168.26/zdgx/dat/zhuce.bat
- 60.##.168.26/zdgx/dat/update.exe
- 60.##.168.26/zdgx/dat/lyzck.dat
- 60.##.168.26/zdgx/dat/123.vbs