Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\hahahahaha.exe
- '%TEMP%\a\mamatije.exe' -a 59 -o http://b.####nil.biz:8332/ -u mrdd_mrdd -p mama1 -t 2
- '%TEMP%\a\hstart.exe' /NOCONSOLE %TEMP%\a\abudale.cmd
- '%HOMEPATH%\Start Menu\Programs\Startup\hahahahaha.exe'
- '<SYSTEM32>\taskkill.exe' /f /im mamatije.exe
- '<SYSTEM32>\taskkill.exe' /f /im svchoost.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\a\abudale.cmd
- %TEMP%\a\abudale.cmd
- %TEMP%\a\mamatije.exe
- %TEMP%\a\hstart.exe
- 'b.###inil.biz':8332
- DNS ASK b.###inil.biz
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'