Техническая информация
- '' (загружен из сети Интернет)
- '%WINDIR%\syswow64\taskkill.exe' /im "install.exe" /f
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\temp\install.exe
- %TEMP%\temp\install.exe
- http://ip###ger.org/1Wnwe7
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://ip##pi.com/xml
- http://os##oft.com/20190118/things.xml
- http://cl###cleaner.cc/download.php?pu######
- http://cl###cleaner.cc/stats/started.php?pu####################
- http://cl###cleaner.cc/do.php?pu#########
- http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV
- http://go#####analytics.com/collect
- DNS ASK ip###ger.org
- DNS ASK microsoft.com
- DNS ASK ip##pi.com
- DNS ASK go#####analytics.com
- DNS ASK os##oft.com
- DNS ASK cl###cleaner.cc
- DNS ASK oc##.#tartssl.com
- ClassName: '' WindowName: ''
- '%TEMP%\temp\install.exe' /cashmix INSTALL
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "install.exe" /f & erase "%TEMP%\Temp\install.exe" & exit' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "install.exe" /f & erase "%TEMP%\Temp\install.exe" & exit