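Техническая информация
Примечание: заголовки подразделов в этом списке, по-видимому, утрачены; ниже подряд идут пути к файлам и заданиям планировщика, сетевые адреса и запросы, а затем строки запуска процессов. Символы # в адресах и URL, судя по всему, являются маской, а не частью значения, поэтому такие строки не годятся как точные индикаторы. Имена заданий в <SYSTEM32>\tasks (explorer, firefox) совпадают с именами, которые передаются в /tn командам schtasks.exe ниже.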
- <SYSTEM32>\tasks\explorer
- <SYSTEM32>\tasks\firefox
- %WINDIR%\twunk_32\explorer.exe
- %WINDIR%\twunk_32\7a0fd90576e08807bde2cc57bcf9854bbce05fe3
- %WINDIR%\enterprise\explorer.exe
- %WINDIR%\enterprise\7a0fd90576e08807bde2cc57bcf9854bbce05fe3
- %ProgramFiles(x86)%\mozilla firefox\dependentlibs\firefox.exe
- %ProgramFiles(x86)%\mozilla firefox\dependentlibs\0fc223bdacedc38dd6d2772d547ade1563558e92
- <Текущая директория>\lbcsidgl9e
- <Текущая директория>\qzwrojyaeu.bat
- nul
- <Текущая директория>\lbcsidgl9e
- '80.#7.193.1':80
- 'ip##pi.com':80
- http://80.#7.193.1/meta-data/cgi-bin/pipephpcpu.php?2Y###########################################################################################################################################...
- DNS ASK ip##pi.com
- '%ProgramFiles(x86)%\mozilla firefox\dependentlibs\firefox.exe'
- '%WINDIR%\syswow64\cmd.exe' /C "<Текущая директория>\qzWROJyAeU.bat" (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'%WINDIR%\twunk_32\explorer.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'%WINDIR%\Enterprise\explorer.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "firefox" /sc ONLOGON /tr "'%ProgramFiles(x86)%\Mozilla Firefox\dependentlibs\firefox.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\cmd.exe' /C "<Текущая директория>\qzWROJyAeU.bat"
- '%WINDIR%\syswow64\chcp.com' 65001
- '%WINDIR%\syswow64\ping.exe' -n 5 localhost