Техническая информация
- %TEMP%\~nsua.tmp\un_a.exe
- %TEMP%\nsv4.tmp\userinfo.dll
- %TEMP%\nsv4.tmp\ip.dll
- %TEMP%\nsm286.tmp
- %TEMP%\nsv4.tmp\nsexec.dll
- %TEMP%\nsv4.tmp\inetc.dll
- %TEMP%\nsv4.tmp\net.tmp
- <DRIVERS>\etc\hosts
- %TEMP%\nsm286.tmp
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- DNS ASK ne##.###htenvironment.com
- DNS ASK google.com
- DNS ASK microsoft.com
- DNS ASK wi###edia.org
- DNS ASK oc##.#tartssl.com
- ClassName: '#32770' WindowName: ''
- '%TEMP%\~nsua.tmp\un_a.exe' _?=<Текущая директория>\
- '%WINDIR%\syswow64\cmd.exe' /c "<SYSTEM32>\ipconfig /flushdns"' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c "<SYSTEM32>\ipconfig /flushdns"
- '%WINDIR%\syswow64\ipconfig.exe' /flushdns