Техническая информация
- %TEMP%\1.tmp\lsass.exe
- %TEMP%\1.tmp\lsass.scr
- <SYSTEM32>\attrib.exe +h +s +r dws.bat
- <SYSTEM32>\attrib.exe +h +s +r <SYSTEM32>\vhost
- <SYSTEM32>\tskill.exe cmd
- <SYSTEM32>\attrib.exe +h +s +r lsass.scr
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\dws.bat" "
- <SYSTEM32>\tskill.exe iexplore
- <SYSTEM32>\ping.exe 0.0.0.0 -n 1
- %WINDIR%\Explorer.EXE
- iexplore.exe
- %TEMP%\1.tmp\lsass.exe
- <SYSTEM32>\vhost\vhost.exe
- %TEMP%\1.tmp\dws.bat
- %TEMP%\1.tmp\lsass.scr
- %TEMP%\1.tmp\dws.bat
- %TEMP%\1.tmp\lsass.scr
- %TEMP%\1.tmp\dws.bat
- %TEMP%\1.tmp\lsass.scr
- 'localhost':81
- 'bi###no-ip.info':81
- DNS ASK bi###no-ip.info
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''