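Техническая информация
Примечание: в этой копии отчёта, судя по повторяющимся путям, утрачены заголовки подразделов, поэтому по самому списку нельзя однозначно определить, какие файлы создаются, запускаются, изменяются или удаляются. Символы «#» в имени домена, по-видимому, скрывают часть имени; в таком виде оно не годится как точный индикатор для блокировки или поиска в журналах.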
- %TEMP%\nsx2.tmp\ns3.tmp taskkill /f /im sgav.exe
- %ALLUSERSPROFILE%\Application Data\gwr\wsav.exe
- %ALLUSERSPROFILE%\Application Data\gwr\wsav.exe (загружен из сети Интернет)
- <SYSTEM32>\taskkill.exe /f /im sgav.exe
- %TEMP%\nsx2.tmp\nsExec.dll
- %ALLUSERSPROFILE%\Application Data\gwr\wsav.exe
- %ALLUSERSPROFILE%\Application Data\gwr\GRABi.exe
- %TEMP%\nsx2.tmp\ns3.tmp
- %TEMP%\nsx2.tmp\UAC.dll
- <DRIVERS>\etc\h1
- %TEMP%\nsx2.tmp\NSISdl.dll
- %TEMP%\nsx2.tmp\exdll.dll
- %TEMP%\nsx2.tmp\ns3.tmp
- <DRIVERS>\etc\hosts
- 'zp##.##een-av-pro.com':80
- zp##.##een-av-pro.com/P4974E410D605AA101835E==/GRABi.exe
- zp##.##een-av-pro.com/P4974E410D605AA101835E==/wsav.ttt
- DNS ASK zp##.##een-av-pro.com
- ClassName: '' WindowName: ''