Техническая информация
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %TEMP%\ixp000.tmp\4-20
- %TEMP%\ixp000.tmp\50-27
- %TEMP%\ixp000.tmp\2-4
- %TEMP%\ixp000.tmp\61-20
- %TEMP%\ixp000.tmp\64-13
- %TEMP%\ixp000.tmp\svchost.com
- %TEMP%\ixp000.tmp\l
- %TEMP%\ixp000.tmp\dbg.txt
- %TEMP%\ixp000.tmp\l
- %TEMP%\ixp000.tmp\2-4
- %TEMP%\ixp000.tmp\61-20
- %TEMP%\ixp000.tmp\50-27
- %TEMP%\ixp000.tmp\4-20
- %TEMP%\ixp000.tmp\64-13
- %TEMP%\ixp000.tmp\svchost.com
- DNS ASK se###X.seovNX
- DNS ASK uI############JsYcBebMrbq.uIVuIMgHPokpvDJsYcBebMrbq
- ClassName: 'Shell_traywnd' WindowName: ''
- '%TEMP%\ixp000.tmp\svchost.com' L
- '%WINDIR%\syswow64\cmd.exe' /c certutil -decode 61-20 64-13 & cmd < 64-13 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c xHVsNdU (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c xHVsNdU
- '%WINDIR%\syswow64\cmd.exe' /c certutil -decode 61-20 64-13 & cmd < 64-13
- '%WINDIR%\syswow64\certutil.exe' -decode 61-20 64-13
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\ping.exe' -n 1 seovNX.seovNX
- '%WINDIR%\syswow64\findstr.exe' /V /R "^hZGnnDlFjfzLqNdu$" 4-20
- '%WINDIR%\syswow64\certutil.exe' -decode 50-27 L
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 30
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'