Техническая информация
- '%TEMP%\nsq5.tmp\ns6.tmp' "schtasks" /Create /SC ONLOGON /TN "UpdateService" /TR "%TEMP%\SoftUpdater.exe \update" /RL HIGHEST
- '%TEMP%\SoftUpdater.exe' /begin
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\schtasks.exe' /Create /SC ONLOGON /TN "UpdateService" /TR "%TEMP%\SoftUpdater.exe \update" /RL HIGHEST
- %TEMP%\nsq5.tmp\ns6.tmp
- %TEMP%\nsq5.tmp\IpConfig.dll
- %TEMP%\softup32.txt
- %TEMP%\nsq5.tmp\inetcEXT.dll
- %TEMP%\SoftUpdater.exe
- %TEMP%\nsc2.tmp
- %TEMP%\nsa4.tmp
- %TEMP%\nsq5.tmp\nsExec.dll
- %TEMP%\nsq5.tmp\System.dll
- %TEMP%\nsq5.tmp\System.dll
- %TEMP%\nsq5.tmp\nsExec.dll
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\roib.2
- %TEMP%\nsq5.tmp\ns6.tmp
- %TEMP%\nsq5.tmp\IpConfig.dll
- %TEMP%\nsq5.tmp\inetcEXT.dll
- %TEMP%\softup32.txt в %TEMP%\roib.2
- 'www.aw###stalls.com':80
- www.aw###stalls.com/roib/?v=###################################################
- DNS ASK www.aw###stalls.com
- ClassName: 'Shell_TrayWnd' WindowName: ''