Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AAP9Nbh1' = '"%LOCALAPPDATA%\btest\a.exe" http://109.201.135.121/gsi.php'
- '%WINDIR%\syswow64\taskkill.exe' /f /im a.exe
- %TEMP%\nss483.tmp\pwgen.dll
- %TEMP%\nss483.tmp\nsexec.dll
- %LOCALAPPDATA%\btest\a.exe
- %TEMP%\nss483.tmp\nsexec.dll
- %TEMP%\nss483.tmp\pwgen.dll
- http://10#.#01.135.121/gsi.php
- http://10#.#01.135.121/gsiu.php
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%LOCALAPPDATA%\btest\a.exe' "http://10#.#01.135.121/gsi.php"
- '%LOCALAPPDATA%\btest\a.exe' "http://10#.#01.135.121/gsiu.php"
- '%WINDIR%\syswow64\taskkill.exe' /f /im a.exe' (with a hidden window)