Техническая информация
- '%TEMP%\Eraher.exe'
- '%APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSRSS.exe'
- '%APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ASSMSS.exe'
- '<SYSTEM32>\taskkill.exe' /f /fi "status eq running" /im "opera.exe" /im "firefox.exe" /im "chrome.exe" /im "iexplore.exe"
- %TEMP%\taskkill.bat
- %TEMP%\Eraher.exe
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- %TEMP%\3H9M72tHHKo.jpg
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSRSS.exe
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ASSMSS.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- '94.##0.191.201':2525
- DNS ASK dn#.##ftncsi.com
- DNS ASK sm##.mail.ru
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: '#32771' WindowName: ''