Техническая информация
- %WINDIR%\syswow64\secinit.exe
- %WINDIR%\syswow64\pswzcfm.dll
- %TEMP%\7829.bat
- %TEMP%\qtxadg.dll
- %TEMP%\ehloruye.dll
- %TEMP%\rcxd364.tmp
- из %TEMP%\rcxd364.tmp в %TEMP%\ehloruye.dll
- http://ao#.####batllesgrounds.com/terminal/start-up
- DNS ASK ao#.####batllesgrounds.com
- DNS ASK pr#########ront.playbattlegrounds.com
- ClassName: 'sdfasdfasfasdf' WindowName: 'sdfasdfasfasdf'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7829.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\secinit.exe' -k cvSemiTteN
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\7829.bat" "
- '%WINDIR%\syswow64\ping.exe' 1.0.0.1 -n