Техническая информация
- %WINDIR%\Tasks\Parker.job
- '<SYSTEM32>\wscript.exe' "%APPDATA%\windows.vbs"
- '<SYSTEM32>\ping.exe' -n 1 pq.psdbar.com
- '<SYSTEM32>\taskkill.exe' /f /im wlmail.exe
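- '<SYSTEM32>\schtasks.exe' /Create /TN Parker /SC ONLOGON /TR "wscript.exe /B """%APPDATA%\windows.vbs"""" /RU SYSTEM
  (Примечание: эта команда создаёт задание планировщика «Parker», которое при входе в систему (/SC ONLOGON) запускает %APPDATA%\windows.vbs от имени SYSTEM (/RU SYSTEM), то есть обеспечивает автозапуск. По-видимому, ему соответствует файл %WINDIR%\Tasks\Parker.job из списка выше. При проверке узла стоит искать задание с таким именем и запуски wscript.exe с параметром /B.)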
- %TEMP%\6228.tmp
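- %ALLUSERSPROFILE%\MZђ
  (Примечание: имя файла совпадает с последним сегментом приведённого ниже URL pq.##dbar.com/updtxt/MZ%D1%92; %D1%92 — это символ «ђ» в URL-кодировке UTF-8. При поиске индикатора стоит учитывать обе формы записи.)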
- %TEMP%\3534.tmp
- %ALLUSERSPROFILE%\sys.txt
- %APPDATA%\windows.vbs
- %APPDATA%\windows.vbs
- %TEMP%\6228.tmp
- %TEMP%\3534.tmp
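- 'pq.##dbar.com':80
  (Примечание: символы «##» здесь и в строках ниже заменяют часть имени домена; под этот шаблон подходит имя узла из команды ping.exe выше.)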
- pq.##dbar.com/updtxt/MZ%D1%92
- pq.##dbar.com/upd.txt
- DNS ASK pq.##dbar.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''