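Техническая информация
Ниже перечислены индикаторы трёх видов: командные строки запущенных процессов, пути к затронутым файлам и сетевые обращения. Подзаголовков у списка нет, поэтому по нему самому нельзя определить, какие файлы создавались, а какие удалялись или изменялись (часть путей повторяется). Символы «#» в доменном имени и URL — по всей видимости, маскировка, присутствующая в исходном тексте.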
- '%TEMP%\nst2.tmp\ns7.tmp' wmic useraccount get name,sid
- '%TEMP%\nst2.tmp\ns3.tmp' wmic useraccount get name,sid
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\wbem\wmic.exe' useraccount get name,sid
- %TEMP%\TempWmicBatchFile.bat
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\tmp6.tmp
- %TEMP%\nst2.tmp\ns7.tmp
- C:\end
- %TEMP%\nst2.tmp\inetc.dll
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\nst2.tmp\ns3.tmp
- %TEMP%\nst2.tmp\nsExec.dll
- %TEMP%\nst2.tmp\nsRandom.dll
- %TEMP%\tmp5.tmp
- %TEMP%\tmp4.tmp
- %TEMP%\nst2.tmp\ns3.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\reb[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\reb[1]
- %TEMP%\tmp5.tmp
- %TEMP%\tmp4.tmp
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- %TEMP%\tmp6.tmp
- 'www.wa##m.com':80
- www.wa##m.com/update/reb?v=##########################################################
- DNS ASK www.wa##m.com