Техническая информация
- congiunto.exe.pif
- %TEMP%\ixp000.tmp\dattero.wbk
- %TEMP%\ixp000.tmp\esistenza.wbk
- %TEMP%\ixp000.tmp\aspettavo.wbk
- %TEMP%\ixp000.tmp\congiunto.exe.pif
- %TEMP%\ixp000.tmp\nmrtt.dll
- %TEMP%\ixp000.tmp\p
- %TEMP%\ixp000.tmp\dattero.wbk
- %TEMP%\ixp000.tmp\congiunto.exe.pif
- %TEMP%\ixp000.tmp\aspettavo.wbk в %TEMP%\ixp000.tmp\p
- DNS ASK tu######cDcY.tuPzsolxcDcY
- '%TEMP%\ixp000.tmp\congiunto.exe.pif' P
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Esistenza.wbk' (со скрытым окном)
- '%WINDIR%\syswow64\ftp.exe' -?' (со скрытым окном)
- '%WINDIR%\syswow64\ftp.exe' -?
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Esistenza.wbk
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\tasklist.exe' /FI "imagename eq BullGuardCore.exe"
- '%WINDIR%\syswow64\find.exe' /I /N "bullguardcore.exe"
- '%WINDIR%\syswow64\tasklist.exe' /FI "imagename eq PSUAService.exe"
- '%WINDIR%\syswow64\find.exe' /I /N "psuaservice.exe"
- '%WINDIR%\syswow64\findstr.exe' /V /R "^VBNKEZcFuClIqCwDfZLYyYSgBIFmwizNsZNbuKFwcrNiUBFraGQiScYWImpWzVEYpvswOEbFzKCelLzZeCux$" Dattero.wbk
- '%WINDIR%\syswow64\ping.exe' localhost -n 5