Техническая информация
- '<SYSTEM32>\findstr.exe' /i "6\.1\."
- '<SYSTEM32>\findstr.exe' /i "5\.1\."
- <LS_APPDATA>\qb0252C9.8A\dw.exe
- %TEMP%\thumbs.db
- %TEMP%\CX0FQQYR.bat
- %TEMP%\CX0FQQYR.bat
- <LS_APPDATA>\qb0252C9.8A\dw.exe
- %TEMP%\CX0FQQYR.bat
- %TEMP%\~DF6E29.tmp
- 'www.ca#####oprotestobr.com':80
- 'localhost':1038
- www.ca#####oprotestobr.com/notify.php
- DNS ASK www.ca#####oprotestobr.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''