Техническая информация
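- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\IE40.{88E6680F-00FF-D100-0020-834BA8D10008}\IE40.cmd'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '<SYSTEM32>\IE40.{88E6680F-00FF-D100-0020-834BA8D10008}\IE40.cmd'
  (Обе записи автозапуска — общесистемная в HKLM и пользовательская в HKCU — указывают на один и тот же файл IE40.cmd. Тот же файл запускает и задание планировщика «IE40», приведённое ниже, поэтому при очистке системы нужно проверять и удалять все три точки автозапуска, а не только одну.)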
- %WINDIR%\Tasks\IE40.job
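- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="<SYSTEM32>\svchost.exe" name="Windows Update" mode=ENABLE scope=ALL profile=ALL
  (Правило брандмауэра названо «Windows Update», но фактически разрешает сетевой доступ системному файлу svchost.exe для всех адресов (scope=ALL) и во всех профилях (profile=ALL). Правило с таким именем, созданное через netsh для svchost.exe, — признак, который стоит проверять в списке разрешённых программ брандмауэра.)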
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe'
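- '<SYSTEM32>\schtasks.exe' /Create /ru "SYSTEM" /SC ONSTART /TN "IE40" /TR "<SYSTEM32>\IE40.{88E6680F-00FF-D100-0020-834BA8D10008}\IE40.cmd"
  (Задание «IE40» создаётся с запуском при старте системы (/SC ONSTART) от имени учётной записи SYSTEM (/ru "SYSTEM"), то есть IE40.cmd выполняется с системными привилегиями независимо от входа пользователя. Указанный выше файл %WINDIR%\Tasks\IE40.job, по-видимому, соответствует этому заданию.)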
- <SYSTEM32>\tasklist.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
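- %TEMP%\nsh2.tmp\System.dll
  (Путь вида %TEMP%\ns*.tmp\System.dll характерен для установщиков NSIS: это стандартный плагин System, который распаковывается при запуске NSIS-пакета. Сам по себе этот файл не является надёжным индикатором заражения; он лишь указывает на то, что образец, вероятно, упакован в NSIS-установщик.)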
- <SYSTEM32>\IE40.{88E6680F-00FF-D100-0020-834BA8D10008}\IE40.cmd
- %APPDATA%\users.DAT
- %TEMP%\log4j_license.txt
- %TEMP%\Greatgrandson.djhh
- %TEMP%\dabsters.dll
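- '18#.#44.30.128':80
- 'localhost':5447
- 'localhost':4620
  (Символы «#» в адресе, по-видимому, означают, что часть адреса скрыта в исходном описании, поэтому в таком виде он не годится для точного правила блокировки. Подключения к localhost — это обмен данными в пределах той же машины; внешними сетевыми индикаторами они не являются, а номера портов могут отличаться от запуска к запуску.)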
- http://18#.#44.30.128/drb31.php?a=###############################################################################################################################################################...