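Техническая информация
(В этой копии отчёта не сохранились заголовки подразделов, поэтому роль каждой записи — запуск процесса, системный процесс, файл, сетевой адрес, DNS-запрос, поиск окна — определяется только по её виду; точное действие над процессами и файлами следует сверять с исходным отчётом.)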
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\wv88EFHceHkh.bat" <Имя вируса>.exe"
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\taskhost.exe
- <SYSTEM32>\Dwm.exe
- <Текущая директория>\wv88EFHceHkh.bat
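- %TEMP%\ianmpiq.kpf
- %TEMP%\ianmpiq.kpf
(Запись повторяется дважды: вероятно, файл относится к двум разным подразделам исходного отчёта, например к созданию и к удалению, заголовки которых здесь отсутствуют.)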
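(Символ «#» в адресах и в доменном имени ниже, по-видимому, маскирует часть символов, поэтому в таком виде они не годятся для точного сопоставления; общий признак всех перечисленных соединений — порт 33816.)
- '17#.#32.143.35':33816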
- '18#.#10.44.161':33816
- '90.#.91.80':33816
- '18#.#06.218.121':33816
- '5.###.161.184':33816
- '18#.#15.214.211':33816
- '12#.#50.211.29':33816
- '8.###.213.129':33816
- '83.##6.223.235':33816
- '11#.#03.31.252':33816
- '11#.#40.15.59':33816
- DNS ASK dn#.##ftncsi.com
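- DNS ASK microsoft.com
- DNS ASK google.com
(microsoft.com и google.com — общеизвестные легитимные домены; запросы к ним, вероятно, служат проверкой подключения к сети и сами по себе индикатором заражения не являются.)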
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'