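Техническая информация
Ниже приведены индикаторы без заголовков разделов: пути к файлам, запускаемые команды (строки вида '<SYSTEM32>\...exe'), DNS-запрос и, по-видимому, поиск окна по имени класса. По самому списку нельзя определить, создаётся, изменяется или удаляется каждый из перечисленных файлов. Для обнаружения наиболее показательна задача планировщика «Microsoft Office Fetcher», которая каждые 60 минут от имени SYSTEM запускает через rundll32.exe файл с расширением .fon из каталога %WINDIR%\Fonts (вероятно, DLL, замаскированная под шрифт).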
- %WINDIR%\Tasks\Microsoft Office Fetcher.job
- '<SYSTEM32>\schtasks.exe' /delete "Microsoft DRM License Checker" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "Microsoft Office Fetcher" /tr "rundll32.exe "%WINDIR%\Fonts\86f1257.fon",ivvzmzsbkvpowyecidl" /sc minute /mo 60 /ru system
- '<SYSTEM32>\ping.exe' google.com
- '<SYSTEM32>\wscript.exe' %TEMP%\\persist.vbs
- '<SYSTEM32>\cmd.exe' /C %TEMP%\1.tmp.bat
- '<SYSTEM32>\schtasks.exe' /delete "Microsoft Office Fetcher" /f
- %APPDATA%\Microsoft\Address Book\URNXZMAV.wab
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.srlite
- %TEMP%\1.tmp.bat
- %HOMEPATH%\Local Settings\History\History.IE5\ineex.dat
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\secmoe.db
- %TEMP%\persist.vbs
- %TEMP%\hl
- <LS_APPDATA>\Identities\{5518F2FB-DB74-45A3-BEC1-4575D8D9DC84}\Microsoft\Outlook Express\Iobox.dbx
- %WINDIR%\Fonts\86f1257.fon
- %TEMP%\persist.vbs
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'