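Техническая информация
Примечание: заголовки разделов исходного отчёта в этом фрагменте не сохранились. Ниже подряд перечислены командная строка запуска и системные процессы, пути к файлам (один из них повторён дважды), сетевые адреса с портом, DNS-запросы и классы окон; по самому списку нельзя определить, какое именно действие (создание, удаление, внедрение кода и т. п.) относится к каждой записи.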
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\ghOkMGJtloFU.bat" <Имя вируса>.exe"
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\Dwm.exe
- <SYSTEM32>\taskhost.exe
- <Текущая директория>\ghOkMGJtloFU.bat
- %TEMP%\ianmpiq.kpf
- %TEMP%\ianmpiq.kpf
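Примечание: символ «#» в адресах, по-видимому, заменяет цифры, скрытые в отчёте, поэтому эти записи не годятся как точные индикаторы; устойчивый признак в списке — общий для всех адресов порт 35618 (протокол в фрагменте не указан).
- '84.##4.62.236':35618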
- '24.#9.56.68':35618
- '21#.#33.232.207':35618
- '84.#8.96.43':35618
- '24.##0.14.152':35618
- '10#.#.112.190':35618
- '10#.#08.122.150':35618
- '81.##.160.51':35618
- '72.##.92.245':35618
- '19#.#7.211.43':35618
- '12#.#21.112.99':35618
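- DNS ASK dn#.##ftncsi.com
- DNS ASK google.com
- DNS ASK microsoft.com
Примечание: google.com и microsoft.com — легитимные домены, а замаскированное имя, вероятно, соответствует dns.msftncsi.com (служебный домен проверки сетевого подключения Windows). Такие запросы сами по себе не являются признаком заражения и не подходят для блокировки; их имеет смысл учитывать только в сочетании с остальными индикаторами из списка.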
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '3Dmodels' WindowName: '(null)'