Техническая информация
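Автозапуск — файл задания планировщика (задание создаётся командой schtasks, приведённой ниже: запуск %APPDATA%\svchost.exe при входе в систему с наивысшими правами; имя задания и исполняемого файла имитирует системный svchost.exe, который штатно находится в <SYSTEM32>):
- <SYSTEM32>\tasks\'svchost'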
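Файловая активность (вид операции — создание, удаление и т. п. — для отдельных путей на странице не указан; повторяющиеся пути, вероятно, относятся к разным операциям):
- %TEMP%\sgtf2aa.tmp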
- C:\users\admini~1\appdata\local\temp\2\googlebingextractor_4.6.0.exe
- C:\users\admini~1\appdata\local\temp\2\googleupdate.exe
- C:\users\admini~1\appdata\local\temp\2\setupbat.bat
- nul
- %TEMP%\is-b3egt.tmp\googlebingextractor_4.6.0.tmp
- %APPDATA%\svchost.exe
- %TEMP%\tmp6f5c.tmp.bat
- %TEMP%\sgtf2aa.tmp
- C:\users\admini~1\appdata\local\temp\2\setupbat.bat
Сетевая активность (имя узла приведено с маскировкой символами ###):
- 'pa###bin.com':443
- DNS ASK pa###bin.com
Запускаемые процессы и их командные строки:
- 'C:\users\admini~1\appdata\local\temp\2\googlebingextractor_4.6.0.exe'
- 'C:\users\admini~1\appdata\local\temp\2\googleupdate.exe'
- '%TEMP%\is-b3egt.tmp\googlebingextractor_4.6.0.tmp' /SL5="$70230,2031041,818176,C:\Users\admini~1\AppData\Local\Temp\2\GoogleBingExtractor_4.6.0.exe"
- '%APPDATA%\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\admini~1\AppData\Local\Temp\2\SETUPBAT.BAT' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'svchost"' /tr "'%APPDATA%\svchost.exe"'' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\admini~1\AppData\Local\Temp\2\SETUPBAT.BAT
- '%WINDIR%\syswow64\chcp.com' 1252
- '<SYSTEM32>\schtasks.exe' /create /f /sc ONLOGON /RL HIGHEST /tn "'svchost"' /tr "'%APPDATA%\svchost.exe"'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp6F5C.tmp.bat""
- '<SYSTEM32>\timeout.exe' 3