Техническая информация
- '<SYSTEM32>\cmd.exe' /c ""c:\jbliuste.bat""
- '<SYSTEM32>\cmd.exe' /c ""C:\cnvcrew.bat""
- '<SYSTEM32>\cmd.exe' /c C:\NAZIRIGUDO.bat
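- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\Memo1 /v NameServer /d "69.162.111.29,8.8.8.8" /f (изменяет параметр NameServer сетевого интерфейса: первым DNS-сервером задаётся 69.162.111.29, вторым — 8.8.8.8)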
- %HOMEPATH%\Internet Explorer.lnk
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- %HOMEPATH%\Start Menu\Programs\Internet Explorer.lnk
- C:\cnvcrew.bat
- C:\vsn.pac
- C:\gnewsetup.gif
- C:\NAZIRIGUDO.bat
- C:\jbliuste.txt
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
- %APPDATA%\figundo.txt
- C:\jbliuste.bat
- C:\gnewsetup.gif
- %APPDATA%\figundo.txt
- C:\NAZIRIGUDO.bat
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- C:\vsn.pac в %APPDATA%\vsn.pac
- C:\jbliuste.txt в C:\jbliuste.bat
- '69.##2.111.29':80 (адрес частично замаскирован; по видимым цифрам совпадает с 69.162.111.29 из команды reg.exe выше)
- 'localhost':1039
- '14#.#85.220.219':80
- http://69.##2.111.29/noragin.doc
- http://69.##2.111.29/logotipo.gif
- http://14#.#85.220.219/data/newenv.php