Technical information
- %TEMP%\nsm563b.tmp\system.dll
- %TEMP%\nsm563b.tmp\lzma.exe
- %TEMP%\nsm563b.tmp\parapamka.dat
- %TEMP%\nsm563b.tmp\trampunkus.dat
- %TEMP%\nsm563b.tmp\suckarka.dat
- %TEMP%\nsm563b.tmp\dcryptdll.dll
- %TEMP%\nsm563b.tmp\supudurka.dat
- %TEMP%\nsm563b.tmp\durupunda.dat
- %TEMP%\nsm563b.tmp\nsexec.dll
- %TEMP%\nsc564c.tmp\launcher.exe
- %TEMP%\nsc564c.tmp\commonsdll.dll
- %TEMP%\nsm563b.tmp\parapamka.dat
- %TEMP%\nsc564c.tmp\launcher.exe to %TEMP%\nsc564c.tmp\<File name>.exe
- 'tr######.brownswitch.com':80
- http://tr######.brownswitch.com/webinst/links/fallback.gif?ms#############################################################
- http://tr######.brownswitch.com/webinst/links
- DNS ASK tr######.brownswitch.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%TEMP%\nsm563b.tmp\lzma.exe' "d" "%TEMP%\nsm563B.tmp\supudurka.dat" "%TEMP%\nsc564C.tmp\Launcher.exe"
- '%TEMP%\nsm563b.tmp\lzma.exe' "d" "%TEMP%\nsm563B.tmp\durupunda.dat" "%TEMP%\nsc564C.tmp\CommonsDll.dll"
- '%TEMP%\nsc564c.tmp\<File name>.exe'
- '%TEMP%\nsm563b.tmp\lzma.exe' "d" "%TEMP%\nsm563B.tmp\supudurka.dat" "%TEMP%\nsc564C.tmp\Launcher.exe"' (with hidden window)
- '%TEMP%\nsm563b.tmp\lzma.exe' "d" "%TEMP%\nsm563B.tmp\durupunda.dat" "%TEMP%\nsc564C.tmp\CommonsDll.dll"' (with hidden window)