Technical information
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- %APPDATA%\Identities\delete_list
- %APPDATA%\Identities\file_list
- %APPDATA%\Identities\extension_list
- %APPDATA%\Identities\add_list.tmp
- %APPDATA%\Identities\add_list
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %APPDATA%\Identities\add_list.tmp
- 'bo##tns.com':80
- 'wp#d':80
- bo##tns.com/extension_list
- bo##tns.com/%00%00%00%EF%BF%BD%EF%BF%BD%25%08
- bo##tns.com/file_list
- bo##tns.com/delete_list
- bo##tns.com/%00%00%00P%EF%BF%BD
- bo##tns.com/add_list
- wp#d/wpad.dat
- DNS ASK bo##tns.com
- DNS ASK wp#d