Техническая информация
- %WINDIR%\Tasks\At1.job
- [<HKLM>\SYSTEM\ControlSet001\Services\Schedule] 'Start' = '00000002' (значение 2 — автоматический запуск службы)
- [<HKLM>\SYSTEM\ControlSet001\Services\ISBCCCS] 'Start' = '00000002' (значение 2 — автоматический запуск службы)
- '<SYSTEM32>\zcgjq.exe' /service
- '<SYSTEM32>\zcgjq.exe'
- '<SYSTEM32>\axtqj.exe'
- '%TEMP%\Messenger\setup.exe' 2706
- '%TEMP%\Messenger\iexplorer.exe' HELLO_E7848FBB-831E-43a4-AEEE-71C0A3C52EEA_SP
- '<SYSTEM32>\net1.exe' start Schedule
- '<SYSTEM32>\at.exe' 17:29 "%TEMP%\Messenger\cp.bat"
- '<SYSTEM32>\net1.exe' start ISBCCCS
- '<SYSTEM32>\sc.exe' config Schedule start= AUTO
- %TEMP%\Messenger\sysvc.dat
- %TEMP%\Messenger\sysmain.dat
- %TEMP%\Messenger\cp.bat
- <SYSTEM32>\mssrcid.ini
- %TEMP%\Messenger\setup.exe
- %TEMP%\Messenger\dbnetlib.dll
- %TEMP%\Messenger\cc.exe
- %TEMP%\Messenger\nvsys.ini
- %TEMP%\Messenger\iexplorer.exe
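- %TEMP%\Messenger\sysmain.dat в <SYSTEM32>\axtqj.exe (исходный файл .dat оказывается в системном каталоге под именем с расширением .exe; этот же путь указан выше в списке)
- %TEMP%\Messenger\nvsys.ini в <SYSTEM32>\byurk.ini
- %TEMP%\Messenger\sysvc.dat в <SYSTEM32>\zcgjq.exe (исходный файл .dat оказывается в системном каталоге под именем с расширением .exe; этот же путь указан выше в списке)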
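- DNS ASK www.de##a.cn (символы ## не могут входить в доменное имя и, по-видимому, замещают скрытую часть домена; строку нельзя использовать как точный индикатор)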