Техническая информация
- <SYSTEM32>\tasks\microsoft\windows\location\activesyncrun
- <SYSTEM32>\tasks\microsoft\windows\location\activesync
- %TEMP%\genteert.dll
- %TEMP%\genteebe\guig.dll
- %TEMP%\genteebe\libeay32.dll
- %TEMP%\genteebe\ssleay32.dll
- %TEMP%\genteebe\7zci.dll
- %TEMP%\genteebe\setup_temp.gea
- %PROGRAMDATA%\network\steamsync.7z
- %PROGRAMDATA%\network\datatm.cmd
- %PROGRAMDATA%\network\winring0x64.sys
- %PROGRAMDATA%\network\steamsync.exe
- %PROGRAMDATA%\network\steam.exe
- %PROGRAMDATA%\task\activesyncrun.xml
- %PROGRAMDATA%\task\activesync.xml
- %TEMP%\deldll.bat
- %TEMP%\genteebe\7zci.dll
- %TEMP%\genteebe\guig.dll
- %TEMP%\genteebe\libeay32.dll
- %TEMP%\genteebe\setup_temp.gea
- %TEMP%\genteebe\ssleay32.dll
- %TEMP%\genteert.dll
- 'mr###bot.at.ua':443 (символы ### не являются частью имени: домен в источнике указан не полностью)
- DNS ASK mr###bot.at.ua
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Location\ActiveSyncRun /create /xml ActiveSyncRun.xml (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Location\ActiveSync /create /xml ActiveSync.xml (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\deldll.bat" " (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Location\ActiveSyncRun /create /xml ActiveSyncRun.xml
- '%WINDIR%\syswow64\schtasks.exe' /tn Microsoft\Windows\Location\ActiveSync /create /xml ActiveSync.xml
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\deldll.bat" "