Техническая информация
- %TEMP%\nsv2.tmp\ns3.tmp taskkill /f /im sgav.exe
- %ALLUSERSPROFILE%\Application Data\gra\wsav.exe
- %ALLUSERSPROFILE%\Application Data\gra\wsav.exe (загружен из сети Интернет)
- <SYSTEM32>\taskkill.exe /f /im sgav.exe (принудительное завершение процесса sgav.exe)
- %TEMP%\nsv2.tmp\nsExec.dll
- %ALLUSERSPROFILE%\Application Data\gra\wsav.exe
- %ALLUSERSPROFILE%\Application Data\gra\GRABi.exe
- %TEMP%\nsv2.tmp\ns3.tmp
- %TEMP%\nsv2.tmp\UAC.dll
- <DRIVERS>\etc\h1
- %TEMP%\nsv2.tmp\NSISdl.dll
- %TEMP%\nsv2.tmp\exdll.dll
- %TEMP%\nsv2.tmp\ns3.tmp
- <DRIVERS>\etc\hosts
- 'p4####.my-green-av.com':80
- p4####.my-green-av.com/P517031109B064A101822FC=/GRABi.exe
- p4####.my-green-av.com/P517031109B064A101822FC=/wsav.ttt
- DNS ASK p4####.my-green-av.com
- ClassName: '' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '#32770' WindowName: ''