Техническая информация
Запускаемые процессы (командные строки):
- '<SYSTEM32>\net.exe' start schedule
- '<SYSTEM32>\net1.exe' start schedule
- '%TEMP%\nsh3.tmp\ns5.tmp' net.exe start schedule
- '%TEMP%\nsh3.tmp\ns4.tmp' "<SYSTEM32>\cscript.exe" //Nologo "client_zone_id.js" set_client_zoneid "Software\SoftwareRefresher" 3015109 1471350663 /error-reports-url="http://fr################rt-frontend-78480448.us-east...
- '<SYSTEM32>\cscript.exe' //Nologo "client_zone_id.js" set_client_zoneid "Software\SoftwareRefresher" 3015109 1471350663 /error-reports-url="http://fr################rt-frontend-78480448.us-east-1.elb.amazonaws.com/subm...
Затронутые файлы (тип операции — создание или удаление — в тексте не указан):
- %TEMP%\nsh3.tmp\ns4.tmp
- %TEMP%\nsh3.tmp\nsExecCv.dll
- <LS_APPDATA>\Software Refresher\SoftwareDetector.exe
- %ProgramFiles%\Davenport\Updater\updater.exe
- %TEMP%\nsh3.tmp\ns5.tmp
- %TEMP%\nsh3.tmp\nsExec.dll
- %ProgramFiles%\Davenport\Updater\1.0\updater.exe
- <LS_APPDATA>\Software Refresher\canvas.js
- %TEMP%\nsh3.tmp\md5dll.dll
- %TEMP%\nsh3.tmp\System.dll
- %TEMP%\nsx2.tmp
- <LS_APPDATA>\Software Refresher\icon.ico
- <LS_APPDATA>\Software Refresher\systemreport.js
- <LS_APPDATA>\Software Refresher\systeminfo.js
- <LS_APPDATA>\Software Refresher\client_zone_id.js
- %TEMP%\nsh3.tmp\ns4.tmp
Сетевая активность (подключение, HTTP-запрос, DNS-запрос):
- 'cd#####-a.akamaihd.net':80
- http://cd#####-a.akamaihd.net/tb/gz.php?ke################################################################
- DNS ASK cd#####-a.akamaihd.net