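Техническая информация
(Заголовки подразделов в этой копии отчёта не сохранились, поэтому по записям ниже нельзя определить, что именно происходило с объектом: создание, изменение, удаление или запуск. Некоторые пути повторяются, вероятно, потому что относились к разным подразделам. Список следует использовать как набор индикаторов компрометации.)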
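- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'autoauto' = 'c.bat' (запись автозапуска: c.bat выполняется при каждом входе пользователя в систему; при очистке нужно удалить и параметр 'autoauto', и файл <SYSTEM32>\c.bat, указанный ниже)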
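- '<SYSTEM32>\taskkill.exe' /im chrome.exe (завершает процессы Chrome; по-видимому, это делается перед изменением файла Preferences и файлов расширения, перечисленных ниже)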
- C:\a\stm.bat
- <SYSTEM32>\c.bat
- C:\a\pfile1.json
- C:\a\pfile2.json
- %TEMP%\nsz2.tmp\nsJSON.dll
- C:\a\ver.ini
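- C:\a\.exe (имя файла перед расширением в отчёте отсутствует; такой же путь без имени, /act/exes/.exe, есть в сетевых запросах ниже, так что имя, вероятно, было пустым или вырезано при публикации)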
- <LS_APPDATA>\Google\Chrome\User Data\Default\Preferences
- %TEMP%\nsz2.tmp\inetc.dll
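- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\iframecontentscript.js (каталог omhhiopbpjlapigaknfpcnfadljhehod — идентификатор расширения Chrome, 2.6.43_0 — его версия; наличие расширения с этим идентификатором можно проверить на странице chrome://extensions и в каталоге Extensions профиля)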
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\contentscript.js
- %TEMP%\nsz2.tmp\System.dll
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\manifest.json
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\common.js
- %TEMP%\nsz2.tmp\AccessControl.dll
- C:\a\timm.crx
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\background.html
- <LS_APPDATA>\Google\Chrome\User Data\Default\Extensions\omhhiopbpjlapigaknfpcnfadljhehod\2.6.43_0\announce.js
- %TEMP%\nsz2.tmp\nsJSON.dll
- %TEMP%\nsz2.tmp\System.dll
- %TEMP%\nsz2.tmp\AccessControl.dll
- %TEMP%\nsz2.tmp\inetc.dll
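- 'do###.dotdo.net':80 (символы «#» здесь и в строках ниже, по-видимому, маскируют часть имени узла и параметра запроса; обращение идёт на порт 80, то есть, предположительно, по HTTP без шифрования)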
- do###.dotdo.net/act/exes/.exe
- do###.dotdo.net/act/ver.ini?rd##
- DNS ASK do###.dotdo.net
- ClassName: '' WindowName: ''
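- ClassName: 'Chrome_WidgetWin_0' WindowName: '' (класс окна, используемый Chrome; эта запись и предыдущая, по-видимому, описывают окна, которые ищет программа; заголовок подраздела не сохранился)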