Техническая информация
- %WINDIR%\Tasks\At4.job
- %WINDIR%\Tasks\At5.job
- %WINDIR%\Tasks\At6.job
- %WINDIR%\Tasks\At1.job
- %WINDIR%\Tasks\At2.job
- %WINDIR%\Tasks\At3.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002'
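- %PROGRAM_FILES%\З§З§ѕІМэ\<Имя вируса>.exe
  (Примечание: «З§З§ѕІМэ» здесь и «╟з╟з╛▓╠¤» в командах at.exe ниже — одна и та же последовательность байт C7 A7 C7 A7 BE B2 CC FD, показанная в кодировках CP1251 и CP866; в GBK она, по-видимому, читается как «千千静听». При поиске по индикаторам учитывайте, что отображаемое имя каталога зависит от кодовой страницы системы.)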
- <SYSTEM32>\at.exe 15:00 /every:M,T,W,Th,F,S,Su "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\at.exe 12:00 /every:M,T,W,Th,F,S,Su "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\at.exe 19:00 /every:M,T,W,Th,F,S,Su "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\at.exe 18:32 "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\at.exe 20:00 /every:M,T,W,Th,F,S,Su "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\sc.exe config schedule start= auto
- <SYSTEM32>\cmd.exe /c "%PROGRAM_FILES%\З§З§ѕІМэ\Updata_files.bat"
- <SYSTEM32>\sc.exe start schedule
- <SYSTEM32>\at.exe 9:00 /every:M,T,W,Th,F,S,Su "%PROGRAM_FILES%\╟з╟з╛▓╠¤\ttplayer.exe"
- <SYSTEM32>\at.exe /delete /y
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\uplist[1].txt
- %PROGRAM_FILES%\З§З§ѕІМэ\Updata\UpList.ini
- %PROGRAM_FILES%\З§З§ѕІМэ\Updata_files.bat
- %PROGRAM_FILES%\З§З§ѕІМэ\<Имя вируса>.exe
- %PROGRAM_FILES%\З§З§ѕІМэ\Qset.ini
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\uplist[1].txt
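- 'ta####.lylwc.com':80
- ta####.lylwc.com/S_Updata/uplist.txt
- DNS ASK ta####.lylwc.com
  (Примечание: символы «####» в имени узла, по-видимому, скрыты при публикации и не входят в реальное имя, поэтому буквальное сравнение со строкой «ta####» ничего не найдёт. Для поиска в журналах DNS и прокси используйте суффикс домена lylwc.com и путь /S_Updata/uplist.txt; обращение идёт по порту 80.)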