Техническая информация
- '<SYSTEM32>\schtasks.exe' /create /sc onlogon /tn "admin folder" /rl highest /tr "'%ProgramFiles%\user folder\appupdate.exe' /startup" /f
- <SYSTEM32>\wbem\wmiprvse.exe
- %TEMP%\print.css
- %TEMP%\olleh_logo.jpg
- %TEMP%\Xxx5dm5Ti.zGPLvJEznV3c4F
- %ProgramFiles%\user folder\appupdate.exe
- %TEMP%\nsc2.tmp\System.dll
- %TEMP%\embed
- %TEMP%\logo.gif
- %TEMP%\payment
- %TEMP%\navi3.png
- %TEMP%\index.do1894732977.html
- 'be######nnornew96.ddns.net':60599
- 'fa####ltd.ddns.net':60599
- DNS ASK be######nnornew96.ddns.net
- DNS ASK fa####ltd.ddns.net