Техническая информация
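- %WINDIR%\Tasks\VersionCheck.job (файл задания планировщика Windows; имя совпадает с задачей "VersionCheck" из команды schtasks ниже)
- <SYSTEM32>\regsvr32.exe /s "%WINDIR%\$XNTUninstall643$\teavv.dll" (регистрация DLL через regsvr32; ключ /s подавляет диалоговые окна)
- <SYSTEM32>\schtasks.exe /create /sc HOURLY /tr "\"%ALLUSERSPROFILE%\Application Data\WSTB\verupd.exe\"" /ru "System" /tn "VersionCheck" (создаёт задачу "VersionCheck", которая ежечасно запускает verupd.exe от имени учётной записи System, то есть обеспечивает закрепление в системе)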
- %TEMP%\nsh4.tmp\registry.dll
- %TEMP%\in32log.txt
- %APPDATA%\Mozilla\Firefox\Profiles\przhlnon.default\search.sqlite-journal
- %TEMP%\nsh4.tmp\nsExec.dll
- %TEMP%\nsh4.tmp\ns5.tmp
- %TEMP%\nsn2.tmp\austmar.exe
- %WINDIR%\$XNTUninstall643$\teavv.dll
- %TEMP%\nsn2.tmp\ns6.tmp
- %TEMP%\nsn2.tmp\GetVersion.dll
- %TEMP%\nsn2.tmp\nsExec.dll
- %APPDATA%\Mozilla\Firefox\Profiles\przhlnon.default\user.js (user.js — файл пользовательских настроек Firefox, считываемый при каждом запуске браузера)
- %TEMP%\nsn2.tmp\verupd.exe
- %ALLUSERSPROFILE%\Application Data\WSTB\verupd.exe
- %TEMP%\nsn2.tmp\rep
- %TEMP%\nsn2.tmp\System.dll
- %TEMP%\nsn2.tmp\NSISdl.dll
- %TEMP%\nsh4.tmp\textreplace.dll
- %TEMP%\nsh4.tmp\GetVersion.dll
- %TEMP%\sqlite3.exe
- %TEMP%\nsh4.tmp\System.dll
- %TEMP%\websearch.xml
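(Следующие десять строк повторяют пути, уже перечисленные выше; подзаголовки разделов в этой выдержке не сохранились — вероятно, это отдельный перечень, например удаляемых временных файлов.)
- %TEMP%\nsh4.tmp\System.dll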
- %TEMP%\nsh4.tmp\registry.dll
- %TEMP%\nsh4.tmp\textreplace.dll
- %TEMP%\nsn2.tmp\ns6.tmp
- %TEMP%\in32log.txt
- %TEMP%\nsh4.tmp\ns5.tmp
- %APPDATA%\Mozilla\Firefox\Profiles\przhlnon.default\search.sqlite-journal
- %TEMP%\sqlite3.exe
- %TEMP%\nsh4.tmp\nsExec.dll
- %TEMP%\nsh4.tmp\GetVersion.dll
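- 'www.co###rack.com':80 (узел и порт 80; символы # замещают скрытую часть имени домена)
- 'www.ab###own.com':80 (узел и порт 80; часть имени домена также скрыта)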
- www.co###rack.com/reg/0|{12BB96F3-C502-454D-9407-3F8BAD47C1E0}
- www.ab###own.com/?st############
- DNS ASK www.co###rack.com
- DNS ASK www.ab###own.com