Техническая информация
- '%HOMEPATH%\AppData\Roaming\Setup\csrss.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\7ZSfx000.cmd" "
- '%HOMEPATH%\AppData\Roaming\Setup\dllhost.exe'
- '%HOMEPATH%\AppData\Roaming\Setup\svchost.exe'
- %HOMEPATH%\AppData\Roaming\Setup\svchost.exe
- %TEMP%\7ZSfx000.cmd
- %HOMEPATH%\AppData\Roaming\Setup\csrss.exe
- %HOMEPATH%\AppData\Roaming\Setup\dllhost.exe
- %TEMP%\7ZSfx000.cmd
- 'www.pw##rd.com':80
- 'ap#.##ceboolad.com':80
- http://www.pw##rd.com/api/
- http://ap#.##ceboolad.com/api//send
- DNS ASK www.pw##rd.com
- DNS ASK ap#.##ceboolad.com