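Техническая информация (индикаторы: созданные задания и файлы, запускаемые процессы, сетевая активность). Заголовки подразделов в этой копии отчёта не сохранились, поэтому для повторяющихся путей ниже не указано, какое именно действие (создание, изменение или удаление) к ним относится.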
- %WINDIR%\Tasks\Parker.job
- '<SYSTEM32>\ping.exe' -n 1 qur.dnnslpn.com
- '<SYSTEM32>\wscript.exe' "%APPDATA%\windows.vbs"
- '<SYSTEM32>\schtasks.exe' /Create /TN Parker /SC ONLOGON /TR "wscript.exe /B """%APPDATA%\windows.vbs"""" /RU SYSTEM
- %ALLUSERSPROFILE%\ppctrl.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\comphp[1].php
- %ALLUSERSPROFILE%\user.tmp
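- %ALLUSERSPROFILE%\MZђ (имя приведено так, как оно записано в отчёте; символ «ђ», вероятно, — байт 0x90 в кодировке Windows-1251, то есть имя совпадает с началом PE-заголовка «MZ\x90»; при поиске по имени учитывайте возможное иное отображение этого символа)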
- %ALLUSERSPROFILE%\pck.tmp
- %APPDATA%\windows.vbs
- %TEMP%\8060.tmp
- %ALLUSERSPROFILE%\ppctrl.dat
- %APPDATA%\windows.vbs
- %TEMP%\8060.tmp
- 'localhost':1039
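- 'qu#.#nnslpn.com':80 (символы «#» здесь и в строках ниже — маска, которой в отчёте скрыта часть имени узла и параметров запроса, а не буквальные символы; для сопоставления с журналами DNS и прокси используйте имя узла из строки с командой ping.exe выше)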
- qu#.#nnslpn.com/newdon/comphp.php?ti#######################################
- qu#.#nnslpn.com/bisdtpck.txt
- qu#.#nnslpn.com/bisupdpck.txt
- DNS ASK qu#.#nnslpn.com