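Техническая информация (заголовки разделов в этом фрагменте не сохранились; ниже перечислены пути к файлам, командные строки и сетевые индикаторы, поэтому повторы одного и того же пути, вероятно, относятся к разным разделам отчёта)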
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\rvywato0.exe
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\q7gv4rqrfxi4i.exe -start
- <LS_APPDATA>\Temp\bisturi.exe
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\rvywato0.exe (загружен из сети Интернет)
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\q7gv4rqrfxi4i.exe (загружен из сети Интернет)
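- <SYSTEM32>\ipconfig.exe /renew (штатная утилита Windows; обновляет аренду адреса DHCP)
- <SYSTEM32>\ipconfig.exe /flushdns (штатная утилита Windows; очищает кэш DNS-клиента)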
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\CapLst[1].mid
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\rvywato0.exe
- <LS_APPDATA>\{AGKWAOTB-OLQZ-XJ87-ZM0K-3IZBENYB5C75}\q7gv4rqrfxi4i.exe
- <LS_APPDATA>\Temp\bisturi.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\newlinexxxxxxx[1].mid
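- 'up####s.boxify.me':80 (TCP-порт 80; символы # здесь и ниже — по-видимому, маска, которой в источнике скрыта часть имени узла)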
- 'www.go###e.com.br':80
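- up####s.boxify.me/86608/CapLst.mid (имя совпадает с файлом CapLst[1].mid в кэше Internet Explorer из списка выше; расширение .mid само по себе не подтверждает тип содержимого)
- up####s.boxify.me/86607/newlinexxxxxxx.mid (имя совпадает с файлом newlinexxxxxxx[1].mid в кэше Internet Explorer из списка выше; расширение .mid само по себе не подтверждает тип содержимого)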
- DNS ASK up####s.boxify.me
- DNS ASK www.go###e.com.br
- ClassName: 'Shell_TrayWnd' WindowName: ''