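Техническая информация
Ниже перечислены наблюдаемые индикаторы: файл и команды планировщика заданий (schtasks), запускаемые процессы, затронутые файлы, DNS-запрос и искомое окно. Задание «Microsoft Office Fetcher» каждые 60 минут от имени SYSTEM запускает через rundll32.exe файл %WINDIR%\Fonts\dpsapp.fon — по-видимому, исполняемый модуль, замаскированный под файл шрифта. При проверке системы стоит обращать внимание на задания планировщика, в которых rundll32.exe загружает файл с расширением, отличным от .dll.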
- %WINDIR%\Tasks\Microsoft Office Fetcher.job
- '<SYSTEM32>\schtasks.exe' /delete "Microsoft DRM License Checker" /f
- '<SYSTEM32>\schtasks.exe' /create /tn "Microsoft Office Fetcher" /tr "rundll32.exe "%WINDIR%\Fonts\dpsapp.fon",rvndrdhjjvefnedyaok" /sc minute /mo 60 /ru system
- '<SYSTEM32>\ping.exe' google.com
- '<SYSTEM32>\wscript.exe' %TEMP%\\persist.vbs
- '<SYSTEM32>\cmd.exe' /C %TEMP%\1.tmp.bat
- '<SYSTEM32>\schtasks.exe' /delete "Microsoft Office Fetcher" /f
- %HOMEPATH%\Local Settings\History\History.IE5\MSHist012011111020111111\indey.dat
- <LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\XUM.mfl
- %TEMP%\1.tmp.bat
- %HOMEPATH%\Local Settings\History\History.IE5\index.dbt
- <LS_APPDATA>\JconCache.db
- %TEMP%\persist.vbs
- %TEMP%\hl
- <LS_APPDATA>\Mozilla\Firefox\Profiles\cwdgt0y8.default\urlclassifier3.sqliue
- %WINDIR%\Fonts\dpsapp.fon
- %TEMP%\persist.vbs
- DNS ASK google.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'