Техническая информация
- %TEMP%\7534700457.exe
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- %ALLUSERSPROFILE%\application data\garbage cleaner\bunifu_ui_v1.5.3.dll
- %ALLUSERSPROFILE%\application data\garbage cleaner\garbage cleaner.exe
- %HOMEPATH%\desktop\garbage cleaner.lnk
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- 'ip###ger.org':443
- http://ip###ger.org/1z6A57
- http://ip###ger.org/1nLz47
- http://gs###clean.top/ver.txt
- http://ip###ger.org/1tnbw7
- http://ip###ger.org/1PMX37
- http://ip###ger.org/1z9A57
- DNS ASK ip###ger.org
- DNS ASK gs###clean.top
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fa8.fac.370001'
- '<SYSTEM32>\cmd.exe' /c start /I "" "%TEMP%\7534700457.exe" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c start /I "" "%ALLUSERSPROFILE%\Application Data\Garbage Cleaner\Garbage Cleaner.exe" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c start /I "" "%TEMP%\7534700457.exe"
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\cmd.exe' /c start /I "" "%ALLUSERSPROFILE%\Application Data\Garbage Cleaner\Garbage Cleaner.exe"