Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\stepx2.exe
- '%TEMP%\x30811.exe' -a 60 -g yes -o http://y.#####name.info:8332/ -u redem_guild -p redemxxx5x2 -t 2
- '%TEMP%\hid.exe' /NOCONSOLE yz.bat
- '%HOMEPATH%\Start Menu\Programs\Startup\stepx2.exe'
- '<SYSTEM32>\taskkill.exe' /f /im mamita.exe
- '<SYSTEM32>\taskkill.exe' /f /im x11811.exe
- '<SYSTEM32>\cmd.exe' /c yz.bat
- '<SYSTEM32>\taskkill.exe' /f /im svchoost.exe
- %TEMP%\x30811.exe
- %TEMP%\hid.exe
- %TEMP%\yz.bat
- 'y.####yname.info':8332
- DNS ASK y.####yname.info
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''