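Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Судя по содержимому, ниже по порядку идут запускаемые команды, затрагиваемые файлы (повторяющиеся в конце списка ns5.tmp, ns4.tmp и ns3.tmp, вероятно, относятся к удалённым файлам), сетевые обращения и поиск окон.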
- '%TEMP%\nsz2.tmp\ns5.tmp' "chr.exe" --load-extension="../ext"
- '%TEMP%\nsz2.tmp\ns4.tmp' taskkill /IM ch.exe
- '%TEMP%\nsz2.tmp\ns3.tmp' taskkill /IM chrome.exe
- '<SYSTEM32>\taskkill.exe' /IM ch.exe
- '<SYSTEM32>\taskkill.exe' /IM chrome.exe
- %TEMP%\nsz2.tmp\nsisdl.dll
- %TEMP%\nsz2.tmp\ns5.tmp
- <Текущая директория>\bin.exe
- <Текущая директория>\v.txt
- %TEMP%\nsz2.tmp\nsExec.dll
- %TEMP%\nsz2.tmp\System.dll
- %TEMP%\nsz2.tmp\ns4.tmp
- %TEMP%\nsz2.tmp\ns3.tmp
- %TEMP%\nsz2.tmp\ns5.tmp
- %TEMP%\nsz2.tmp\ns4.tmp
- %TEMP%\nsz2.tmp\ns3.tmp
- 'ko###ded.com':80
- ko###ded.com/facebook/ibraheemnada/ext/a.mslha
- ko###ded.com/facebook/ibraheemnada/ext/v.txt
- DNS ASK ko###ded.com
- ClassName: '(null)' WindowName: '(null)'