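Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились, поэтому по самому списку нельзя определить, создаётся, изменяется или удаляется тот или иной файл. По формату записей: первые две строки — командные строки запускаемых процессов (rundll32.exe вызывает экспортируемую функцию MyRun из файла wincap.ai с аргументом NtmsSvc), далее идут пути в файловой системе, затем обращение к узлу на порту 80 и DNS-запрос к нему же, в конце — записи с классами окон (ClassName). Символы «##» в имени узла, по-видимому, скрывают часть доменного имени, так что для сопоставления с журналами DNS и прокси запись в таком виде неполна.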
- <SYSTEM32>\cmd.exe /c "%TEMP%\\win.bat"
- <SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\wincap.ai" MyRun NtmsSvc
- %HOMEPATH%\Cookies\129984na.t
- <SYSTEM32>\win32.tdl
- %ALLUSERSPROFILE%\Application Data\wincap.ai
- %TEMP%\win
- %PROGRAM_FILES%\1.txt
- %HOMEPATH%\Cookies\116437na.t
- <SYSTEM32>\NtmsSvc.inf
- <SYSTEM32>\NtmsSvcid.dll.temp.tlb
- <SYSTEM32>\NtmsSvcaa.inf
- <SYSTEM32>\NtmsSvcid.dll.right.tlb
- <SYSTEM32>\NtmsSvcid.dll.move.tlb
- 'at##.3322.org':80
- DNS ASK at##.3322.org
- ClassName: 'Button' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''