Техническая информация
- расширений файлов
- %TEMP%\nsm2.tmp
- %WINDIR%\4265.vbs
- %TEMP%\nsr3.tmp\ns4.tmp
- %TEMP%\nsr3.tmp\nsExec.dll
- %TEMP%\nsr3.tmp\nsRandom.dll
- %HOMEPATH%\Desktop\МФ±¦№єОп.exe
- %HOMEPATH%\Desktop\ЗйЙ«µзУ°.exe
- %TEMP%\nsr3.tmp\System.dll
- %TEMP%\nsr3.tmp\InetLoad.dll
- %HOMEPATH%\Favorites\јТЧ°ЖµµА.lnk
- %HOMEPATH%\Favorites\КОЖ·Р¬°ь.lnk
- %TEMP%\nsr3.tmp\ns5.tmp
- %HOMEPATH%\Favorites\КіЖ·ЖµµА.lnk
- %HOMEPATH%\Favorites\ДРИЛЖµµА.lnk
- %HOMEPATH%\Favorites\КэВлЖµµА.lnk
- %HOMEPATH%\Favorites\ѕУјТНжѕЯ.lnk
- %HOMEPATH%\Favorites\µзЖчЖµµА.lnk
- %HOMEPATH%\Favorites\Е®ИЛЖµµА.lnk
- %HOMEPATH%\Favorites\ЙМіЗЖµµА.lnk
- %HOMEPATH%\Favorites\МЁНеЖµµА.lnk
- %HOMEPATH%\Favorites\ЧЫєПЖµµА.lnk
- %HOMEPATH%\Favorites\МФ±¦»К№Ъ.lnk
- %HOMEPATH%\Favorites\МФ±¦ґЩПъ.lnk
- %HOMEPATH%\Favorites\ГАИЭЖµµА.lnk
- %TEMP%\nsr3.tmp\ns6.tmp
- %TEMP%\nsr3.tmp\ns4.tmp
- %TEMP%\nsr3.tmp\ns5.tmp
- 'do##.##tup.cpadown.com':8080
- DNS ASK do##.##tup.cpadown.com
- '%TEMP%\nsr3.tmp\ns4.tmp' cmd.exe /c >>%WINDIR%/4265.vbs echo Call CreateNoDelete("%HOMEPATH%\Desktop/МФ±¦№єОп.exe")
- '%TEMP%\nsr3.tmp\ns5.tmp' cmd.exe /c >>%WINDIR%/4265.vbs echo Private Sub CreateNoDelete(path)
- '%TEMP%\nsr3.tmp\ns6.tmp' cmd.exe /c >>%WINDIR%/4265.vbs echo On Error Resume Next
- '<SYSTEM32>\cmd.exe' /c >>%WINDIR%/4265.vbs echo Call CreateNoDelete("%HOMEPATH%\Desktop/МФ±¦№єОп.exe")
- '<SYSTEM32>\cmd.exe' /c >>%WINDIR%/4265.vbs echo Private Sub CreateNoDelete(path)
- '<SYSTEM32>\cmd.exe' /c >>%WINDIR%/4265.vbs echo On Error Resume Next