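Техническая информация
Примечание: <SYSTEM32>, <LS_APPDATA> и <Полный путь к файлу> — условные обозначения путей, а не буквальные строки; символы «#» скрывают часть домена и параметров запроса; строки, оканчивающиеся на «...», в отчёте обрезаны.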
- '%TEMP%\5IMUmPd2.exe' "%APPDATA%\iVhZw51NB8Po\" "Ob88VU56qG0luYlF" "START" "60000"
- '%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe' Ob88VU56qG0luYlF
- '<SYSTEM32>\cmd.exe' /C "%APPDATA%\iVhZw51NB8Po\Ue1g3gHg.cmd"
- '<SYSTEM32>\cmd.exe' /C type "%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe" > "%APPDATA%\Microsoft\KhFni14m.exe" && "%APPDATA%\Microsoft\KhFni14m.exe" "%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe" "<LS_APPDATA>\Microsoft\YAat0ysi.e...
- '<SYSTEM32>\cmd.exe' /C type "%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe" > "<LS_APPDATA>\Microsoft\YAat0ysi.exe" && "<LS_APPDATA>\Microsoft\YAat0ysi.exe" "%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe" "%APPDATA%\Microsoft\KhFni14...
- '<SYSTEM32>\ping.exe' -n 3 localhost
- '<SYSTEM32>\cmd.exe' /C type "<Полный путь к файлу>" > "%APPDATA%\IVHZW5~1\jqitCIFl.exe"
- '<SYSTEM32>\cmd.exe' /C type "%APPDATA%\iVhZw51NB8Po\jqitCIFl.exe" > "%TEMP%\5IMUmPd2.exe" && "%TEMP%\5IMUmPd2.exe" "%APPDATA%\iVhZw51NB8Po\" "Ob88VU56qG0luYlF" "START" "60000"
- '<SYSTEM32>\cmd.exe' /C "%APPDATA%\iVhZw51NB8Po\HmoBxXLy.cmd"
- jqitCIFl.exe
- %APPDATA%\iVhZw51NB8Po\Ue1g3gHg.cmd
- %APPDATA%\Microsoft\KhFni14m.exe
- %TEMP%\5IMUmPd2.exe
- %APPDATA%\iVhZw51NB8Po\jqitCIFl.exe
- %APPDATA%\iVhZw51NB8Po\HmoBxXLy.cmd
- 'pp###ator.co':80
- http://pp###ator.co/addrecord.php?ap################################################################################
- DNS ASK pp###ator.co