Техническая информация
- <Текущая директория>\zgzqujfaua.exe
- %WINDIR%\temp\tarcec0.tmp
- %WINDIR%\temp\cabcebf.tmp
- %WINDIR%\temp\tarb8de.tmp
- %WINDIR%\temp\cabb8dd.tmp
- %WINDIR%\temp\tarb85f.tmp
- %WINDIR%\temp\cabb85e.tmp
- %WINDIR%\temp\tara26d.tmp
- %WINDIR%\temp\caba26c.tmp
- %WINDIR%\temp\tar8a1b.tmp
- %WINDIR%\temp\cab8a1a.tmp
- %WINDIR%\temp\tar73db.tmp
- %WINDIR%\temp\cab73da.tmp
- %WINDIR%\temp\tar738b.tmp
- %WINDIR%\temp\cab738a.tmp
- nul
- %WINDIR%\temp\cab2901.tmp
- %WINDIR%\temp\tar2902.tmp
- %WINDIR%\temp\cab738a.tmp
- %WINDIR%\temp\tar738b.tmp
- %WINDIR%\temp\cab73da.tmp
- %WINDIR%\temp\tar73db.tmp
- %WINDIR%\temp\cab8a1a.tmp
- %WINDIR%\temp\tar8a1b.tmp
- %WINDIR%\temp\caba26c.tmp
- %WINDIR%\temp\tara26d.tmp
- %WINDIR%\temp\cabb85e.tmp
- %WINDIR%\temp\tarb85f.tmp
- %WINDIR%\temp\cabb8dd.tmp
- %WINDIR%\temp\tarb8de.tmp
- %WINDIR%\temp\cabcebf.tmp
- %WINDIR%\temp\tarcec0.tmp
- %WINDIR%\temp\cab2901.tmp
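- %WINDIR%\temp\tar2902.tmp
  Примечание: файлы cab*.tmp и tar*.tmp в %WINDIR%\temp, по-видимому, являются временными файлами, которые система создаёт при загрузке и проверке сертификатов (ср. запросы к microsoft.com/pki и lencr.org ниже). Шестнадцатеричные суффиксы в именах различаются, поэтому конкретные имена этих файлов малопригодны как индикаторы компрометации.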
- 'mo###ith.club':443
- 'microsoft.com':80
- 'mo###ith.club':80
- 'x1.#.lencr.org':80
- 'r3.#.lencr.org':80
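- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://x1.#.lencr.org/
- http://r3.#.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMzWw%2Fw7Z9klVQoWXwj9u6vPg%3D%3D
  Примечание: microsoft.com и lencr.org (Let's Encrypt) — легитимная инфраструктура сертификатов. Эти запросы похожи на загрузку корневого сертификата и проверку статуса сертификата (OCSP) при установке TLS-соединения, поэтому блокировать эти узлы или использовать их как индикаторы компрометации не следует. Из перечисленных узлов специфичным для образца выглядит только 'mo###ith.club'.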
- 'mo###ith.club':443
- DNS ASK mo###ith.club
- DNS ASK microsoft.com
- DNS ASK x1.#.lencr.org
- DNS ASK r3.#.lencr.org
- '<Текущая директория>\zgzqujfaua.exe'
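- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 6000 > Nul & Del "<Полный путь к файлу>"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 6000
  Примечание: ping здесь служит задержкой, после которой cmd.exe удаляет файл по указанному пути (самоудаление), поэтому после выполнения образца на диске может не оказаться. Адрес 1.1.1.1 — общедоступный сервис и сам по себе индикатором не является. Для обнаружения полезно отслеживать командные строки cmd.exe вида «/C ping … > Nul & Del <путь>».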