Техническая информация
- '<LS_APPDATA>\ddnow.exe' "http://16#.#22.193.33/run.php?id#" "aa" "<LS_APPDATA>\run.txt"
- %TEMP%\nsv2.tmp\SimpleFC.dll
- <LS_APPDATA>\run.txt
- %TEMP%\nsv2.tmp\System.dll
- <LS_APPDATA>\ddnow.exe
- %TEMP%\nsv2.tmp\System.dll
- %TEMP%\nsv2.tmp\SimpleFC.dll
- '16#.#22.193.33':80
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://16#.#22.193.33/run.php?id#
- DNS ASK wp#d