Техническая информация

Сводка артефактов, зафиксированных при автоматическом анализе образца: файлы, с которыми он работал (в том числе Prefetch‑записи), сетевые соединения и DNS‑запросы, класс создаваемого окна и выполненные командные строки. Сетевые индикаторы (домен и IP‑адрес) частично замаскированы символом «#» и в таком виде непригодны для правил детектирования — их нужно восстановить по полному отчёту. Команды `del /Q "%WINDIR%\Prefetch\...pf"` удаляют Prefetch‑файлы самого образца и использованных им cmd.exe, conhost.exe, dllhost.exe и rundll32.exe, то есть стирают следы их запуска (антифорензика); после этого образец запускает службу w32time и выполняет `w32tm /resync`.
- %WINDIR%\winboot.dll
- %WINDIR%\prefetch\cmd.exe-4a81b364.pf
- %WINDIR%\prefetch\cmd.exe-ac113aa8.pf
- %WINDIR%\prefetch\conhost.exe-1f3e9d7e.pf
- %WINDIR%\prefetch\dllhost.exe-5e46fa0d.pf
- %WINDIR%\prefetch\dllhost.exe-766398d2.pf
- %WINDIR%\prefetch\dllhost.exe-b2eb1806.pf
- %WINDIR%\prefetch\rundll32.exe-038e6267.pf
- %WINDIR%\prefetch\rundll32.exe-36dac103.pf
- %WINDIR%\prefetch\rundll32.exe-46a5f75f.pf
- %WINDIR%\prefetch\rundll32.exe-685a8f09.pf
- %WINDIR%\prefetch\rundll32.exe-7438e4d5.pf
- %WINDIR%\prefetch\rundll32.exe-860c49a4.pf
- %WINDIR%\prefetch\rundll32.exe-9cc17d45.pf
- %WINDIR%\prefetch\rundll32.exe-a148e651.pf
- %WINDIR%\prefetch\rundll32.exe-c211633d.pf
- %WINDIR%\prefetch\rundll32.exe-e6258edf.pf
- 'pa###bin.com':80
- 'pa###bin.com':443
- '17#.#24.218.185':24780
- http://pa###bin.com/raw/mUg43hhD
- 'pa###bin.com':443
- '17#.#24.218.185':24780
- DNS ASK pa###bin.com
- ClassName: 'Whiskey001' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c del /Q "%WINDIR%\Prefetch\<Имя файла>.*.pf"
- '%WINDIR%\syswow64\cmd.exe' /c del /Q "%WINDIR%\Prefetch\CMD.*.pf"
- '%WINDIR%\syswow64\cmd.exe' /c del /Q "%WINDIR%\Prefetch\CONHOST.*.pf"
- '%WINDIR%\syswow64\cmd.exe' /c del /Q "%WINDIR%\Prefetch\DLLHOST.*.pf"
- '%WINDIR%\syswow64\cmd.exe' /c del /Q "%WINDIR%\Prefetch\RUNDLL32.*.pf"
- '%WINDIR%\syswow64\cmd.exe' /c net start w32time
- '%WINDIR%\syswow64\net.exe' start w32time
- '%WINDIR%\syswow64\net1.exe' start w32time
- '%WINDIR%\syswow64\cmd.exe' /c w32tm /resync
- '%WINDIR%\syswow64\w32tm.exe' /resync
- '<SYSTEM32>\w32tm.exe' /resync
- '%WINDIR%\syswow64\cmd.exe' /c CLS