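Техническая информация
Примечание: символы «#» в адресах и доменных именах ниже, по-видимому, являются маскировкой, внесённой источником, а не буквальными символами; в таком виде эти значения нельзя использовать как точные индикаторы.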
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{78821544-1544-1544-1544-788215441544}
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- %TEMP%\4dd3.tmp
- %APPDATA%\bbwcwus
- %APPDATA%\jubtdtb
- %APPDATA%\rcstgsv
- %TEMP%\ef23.tmp.exe
- %TEMP%\173.tmp.exe
- %TEMP%\1c2c.tmp.exe
- %TEMP%\clip
- %TEMP%\8bf7.tmp-shm
- %APPDATA%\bbwcwus
- %APPDATA%\jubtdtb
- %APPDATA%\rcstgsv
- %TEMP%\8bf7.tmp-shm
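- http://www.ms###csi.com/ncsi.txt (по-видимому, штатная проверка сетевого подключения Windows (NCSI), а не вредоносная инфраструктура — требует подтверждения)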
- http://18#.#12.129.54/rksn.exe
- http://ne######r4-service.space/raccon.exe
- http://ne######r3-service.space/
- http://ne######r4-service.space/
- DNS ASK ne######r1-service.space
- DNS ASK ne######r2-service.space
- DNS ASK ne######r3-service.space
- DNS ASK ne######r4-service.space
- ClassName: 'TablacusExplorer' WindowName: ''
- '%TEMP%\ef23.tmp.exe'
- '%TEMP%\173.tmp.exe'
- '%TEMP%\1c2c.tmp.exe'
- '<SYSTEM32>\werfault.exe' -u -p 292 -s 628 (со скрытым окном)
- '%WINDIR%\explorer.exe'