Техническая информация
- %TEMP%\RarSFX0\bot.exe
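- %TEMP%\bot.sfx.exe -p123456tsty009 (ключ -p, по-видимому, передаёт пароль самораспаковывающегося архива; при включённом аудите командной строки этот запуск виден в журналах создания процессов)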
- <SYSTEM32>\wuauclt.exe
- <SYSTEM32>\wuauclt.exe
- %TEMP%\RarSFX0\bot.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %TEMP%\bot.sfx.exe
- %TEMP%\bot.sfx.exe
- %TEMP%\RarSFX0\bot.exe
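Сетевая активность (символы «#», по-видимому, маскируют часть адреса в исходном описании и не входят в само значение):
- '13#.#.233.64':80
- '20#.#6.232.182':80
- 13#.#.233.64/andro/image.php
- DNS ASK www.up####.microsoft.com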
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''