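Техническая информация
Примечание: заголовки разделов исходного отчёта в этом фрагменте не сохранились. Судя по содержанию, строки ниже идут группами: пути к файлам; сетевая активность (хосты с портами, HTTP-запрос к wpad.dat, DNS-запросы); окна (ClassName/WindowName); командные строки запускаемых процессов. Символы «#» в именах хостов и в адресе, по-видимому, являются маскировкой, поэтому эти значения нельзя напрямую использовать как индикаторы компрометации. Командные строки в конце списка показывают удаление задания планировщика NvidiaGraphicDriver и удаление файла %WINDIR%\dfv.exe после паузы (choice /T 3); такие запуски cmd.exe и schtasks.exe стоит искать в журналах создания процессов.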
- %APPDATA%\NvidiaDriver.exe
- %WINDIR%\dfv.exe
- %WINDIR%\Новый документ в формате RTF.rtf
- %WINDIR%\dfv.exe
- 'ip###ger.com':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK ip###ger.com
- DNS ASK wp#d
- ClassName: 'WordPadClass' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\NvidiaDriver.exe'
- '%WINDIR%\dfv.exe'
- '<SYSTEM32>\schtasks.exe' /delete /tn NvidiaGraphicDriver /F
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 3 & Del "%WINDIR%\dfv.exe"
- '%ProgramFiles%\Windows NT\Accessories\wordpad.exe' "%WINDIR%\Новый документ в формате RTF.rtf"
- '<SYSTEM32>\cmd.exe' /C schtasks /delete /tn NvidiaGraphicDriver /F