Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] ' --_96c' = '"%HOMEPATH%\--_96c\ --_96c.exe"'
- %HOMEPATH%\--_96c\bit6a94.tmp
- %HOMEPATH%\--_96c\libeay32.dll
- %HOMEPATH%\--_96c\ssleay32.dll
- %HOMEPATH%\--_96c\dbghelp.dll
- %HOMEPATH%\--_96c\dump.dmp
- %HOMEPATH%\--_96c\dump2.dmp
- %HOMEPATH%\--_96c\borlndmm.dll
- %HOMEPATH%\--_96c\bit6a94.tmp
- %HOMEPATH%\--_96c\ --_96c.zip
- из %HOMEPATH%\--_96c\bit6a94.tmp в %HOMEPATH%\--_96c\ --_96c.zip
- из %HOMEPATH%\--_96c\dump.dmp в %HOMEPATH%\--_96c\ --_96c.dmp
- из %HOMEPATH%\--_96c\dump2.dmp в %HOMEPATH%\--_96c\ --_96c.exe (тот же путь, что указан в значении ключа Run выше и в списке запускаемых файлов ниже)
- 'dh#######.#3-eu-west-1.amazonaws.com':443
- 'lo####zaip.com.br':443
- DNS ASK dh#######.#3-eu-west-1.amazonaws.com
- DNS ASK lo####zaip.com.br
- DNS ASK go##e.com
- ClassName: '' WindowName: ''
- '%HOMEPATH%\--_96c\ --_96c.exe'
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~9,1% (синтаксис %имя:~смещение,длина% — извлечение одного символа из переменной окружения charpool)
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~6,1%
- '<SYSTEM32>\cmd.exe' /c echo %charpool:~12,1%
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'