Техническая информация
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\schtasks.exe' /create /tn "Cryptr.Org" /xml "%TEMP%\oto.xml" /f
- %TEMP%\oto.xml
- %TEMP%\Cryptr.Org.exe
- %TEMP%\~DF2DAF.tmp
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- 'pa###4btc.com':80
- pa###4btc.com/raw.php?p=########
- DNS ASK pa###4btc.com
- ClassName: 'Shell_TrayWnd' WindowName: ''