Техническая информация
- %WINDIR%\syswow64\notepad.exe
- %WINDIR%\12.sfx.exe
- %WINDIR%\13.bat
- %TEMP%\фото.exe
- %TEMP%\фото.exe
- 'dl####022.hopto.org':1604
- DNS ASK dl####022.hopto.org
- ClassName: 'EDIT' WindowName: ''
- ClassName: '#32770' WindowName: 'Blank Page - Windows Internet Explorer'
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- '%WINDIR%\12.sfx.exe' -p987123456 d%LOCALAPPDATA%\Temp
- '%TEMP%\фото.exe'
- '%WINDIR%\syswow64\notepad.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\13.bat" "
- '%WINDIR%\syswow64\notepad.exe'