Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im new_.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im try.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im otry.exe
- %TEMP%\nsm63b3.tmp\nsexec.dll
- %LOCALAPPDATA%\btest\new_.exe.config
- %LOCALAPPDATA%\btest\app.config
- %LOCALAPPDATA%\btest\new_.exe
- %LOCALAPPDATA%\btest\otry.exe
- %LOCALAPPDATA%\btest\try.exe
- %TEMP%\nsm63b3.tmp\nsexec.dll
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%LOCALAPPDATA%\btest\new_.exe' "http://10#.#01.148.40/urltravel/p10.php?v=##"
- '%LOCALAPPDATA%\btest\try.exe'
- '%LOCALAPPDATA%\btest\otry.exe'
- '%WINDIR%\syswow64\taskkill.exe' /f /im new_.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im try.exe' (with hidden window)
- '%WINDIR%\syswow64\taskkill.exe' /f /im otry.exe' (with hidden window)