Техническая информация
- %ProgramFiles%\internet explorer\signup\iexplore.exe
- <SYSTEM32>\t_hico.ico
- %WINDIR%\temp.bat
- <SYSTEM32>\t_hico.ico
- DNS ASK fj##w.com
- ClassName: 'Progman' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\temp.bat (со скрытым окном)
- '%ProgramFiles%\mozilla firefox\firefox.exe' -osint -url "http://www.fj###.com:8812/ads/ads.htm"
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\temp.bat