Техническая информация
- http://97###.prohoster.biz/7mks8x/rke0w9y5b0zva9iyx0hev/8335op993ag8vtat99cuerrmhwfpb8zthi86y0d7uunfgdk4y75jc5n16o2alv4l/ae8f0e6170cd6b45d0cc212ac0c66e0e8d722f2b.exe (сохраняется как c:/programdata/ae8f0e6170cd6b45d0cc212ac0c66e0e8d722f2b.exe)
- %PROGRAMDATA%\a4l8mobwdgacafmjwlrm.cmd
- %PROGRAMDATA%\m4jyinviz9k43qff3xpfypmeldbwxr.vbs
- nul
- DNS-запрос: 97###.prohoster.biz
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\M4JyINviz9K43qfF3xPfYpmELDbWxr.vbs"
- '%WINDIR%\syswow64\cmd.exe' /c ""%PROGRAMDATA%\A4l8MoBWdgacafMjWLrm.cmd" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%PROGRAMDATA%\A4l8MoBWdgacafMjWLrm.cmd" "
- '%WINDIR%\syswow64\timeout.exe' /T 1 /NOBREAK