Техническая информация
- %TEMP%\aut1.tmp
- %TEMP%\_MEI28882\stiller.exe.manifest
- %TEMP%\_MEI28882\sqlite3.dll
- %TEMP%\_MEI28882\select.pyd
- %TEMP%\_MEI28882\python27.dll
- %TEMP%\_MEI28882\msvcr90.dll
- %TEMP%\_MEI28882\msvcp90.dll
- %TEMP%\_MEI28882\msvcm90.dll
- %TEMP%\_MEI28882\bz2.pyd
- %TEMP%\_MEI28882\unicodedata.pyd
- %TEMP%\_MEI28882\_ssl.pyd
- %TEMP%\_MEI28882\_socket.pyd
- %TEMP%\_MEI28882\_hashlib.pyd
- %TEMP%\_MEI28882\_ctypes.pyd
- %TEMP%\_MEI28882\Microsoft.VC90.CRT.manifest
- %TEMP%\_MEI28882\Crypto.Cipher._AES.pyd
- %APPDATA%\WindowsDest\windrws.exe
- %TEMP%\aut2.tmp
- %APPDATA%\WindowsDest\begin.exe
- %TEMP%\_MEI28882\_sqlite3.pyd
- %TEMP%\_MEI28882\Include\pyconfig.h
- %APPDATA%\WindowsDest\windrws.exe
- %APPDATA%\WindowsDest\begin.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- 'ip###ger.com':443
- DNS ASK ip###ger.com
- '%APPDATA%\WindowsDest\begin.exe'
- '%APPDATA%\WindowsDest\windrws.exe'
- '<SYSTEM32>\cmd.exe' /c SchTasks /create /tn "StartUp Windows" /tr %appdata%\WindowsDest\windrws.exe /sc minute /mo 1
- '<SYSTEM32>\schtasks.exe' /create /tn "StartUp Windows" /tr %APPDATA%\WindowsDest\windrws.exe /sc minute /mo 1