Техническая информация
- %WINDIR%\Tasks\At7.job
- %WINDIR%\Tasks\At6.job
- %WINDIR%\Tasks\At8.job
- %WINDIR%\Tasks\At10.job
- %WINDIR%\Tasks\At9.job
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At3.job
- %WINDIR%\Tasks\At5.job
- %WINDIR%\Tasks\At4.job
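- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы планировщика заданий; соответствует команде sc.exe config Schedule start= auto ниже)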
- <SYSTEM32>\at.exe 6:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 5:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 4:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 7:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 10:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 9:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 8:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 3:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\sc.exe config Schedule start= auto
- <SYSTEM32>\schtasks.exe /delete /tn * /f (принудительно, без запроса подтверждения, удаляет все существующие запланированные задания)
- <SYSTEM32>\cmd.exe /c %WINDIR%\1D2FB0C7\JH.BAT
- <SYSTEM32>\net1.exe start "Task Scheduler"
- <SYSTEM32>\at.exe 2:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 1:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- <SYSTEM32>\at.exe 0:00 /interactive %WINDIR%\1D2FB0C7\svchsot.exe
- %WINDIR%\1D2FB0C7\JH.BAT
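- из <Полный путь к вирусу> в %WINDIR%\1D2FB0C7\svchsot.exe (имя файла отличается от системного svchost.exe перестановкой букв — вероятно, маскировка под легитимный процесс)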
- 'localhost':8080
- 'wi###m.3322.org':8080
- 'wi###m.gicp.net':8080
- DNS ASK wi###m.3322.org
- DNS ASK wi###m.gicp.net
- ClassName: '' WindowName: '??????????????'