Техническая информация
- [HKLM\System\CurrentControlSet\Services\VSS] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %WINDIR%\syswow64\txplatform.exe
- %WINDIR%\syswow64\sysname.exe
- %WINDIR%\syswow64\vssvc.exe
- %WINDIR%\syswow64\qqdll.txt
- %WINDIR%\syswow64\runtrue.txt
- %WINDIR%\syswow64\qqver.txt
- %WINDIR%\syswow64\runcount.txt
- %WINDIR%\syswow64\macmac.txt
- %WINDIR%\syswow64\macmac.txt
- %WINDIR%\syswow64\macmac.txt
- 'un###.nowpride.com':80
- http://un###.nowpride.com/GetDate.aspx?ip####################################################################################
- DNS ASK un###.nowpride.com
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\txplatform.exe'
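- '%WINDIR%\syswow64\cmd.exe' /c ipconfig/all > %WINDIR%\SysWOW64\macmac.txt (со скрытым окном; вывод ipconfig /all, включая физические (MAC) адреса сетевых адаптеров, перенаправляется в файл macmac.txt)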
- '%WINDIR%\syswow64\ipconfig.exe' /all
- '%WINDIR%\syswow64\txplatform.exe' (со скрытым окном)