Техническая информация
- %HOMEPATH%\start menu\programs\startup\pre-setting 367vchs.lnk
- C:\settings\sign231.txt
- C:\settings\wbs.txt
- C:\settings\knqxql\wbs.txt
- C:\settings\knqxql\dwn_hcgw.exe
- %TEMP%\order_uoi.vbs
- %TEMP%\order_ءص.vbs
- C:\settings\knqxql\tik_xgkf.txt
- %TEMP%\order_بmiв.vbs
- C:\settings\knqxql\tik_ptujiw.txt
- %TEMP%\order_зص.vbs
- C:\settings\knqxql\tik_nswhge.txt
- %TEMP%\order_ذыtq.vbs
- C:\settings\knqxql\tik_dnn.txt
- %TEMP%\order_еm.vbs
- C:\settings\knqxql\dwn_hcgw.exe в C:\settings\knqxql\dwn_wwpe.exe
- DNS ASK google.com
- 'C:\settings\knqxql\dwn_hcgw.exe'
- 'C:\settings\knqxql\dwn_wwpe.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_uOi.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ءص.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_بmiв.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_зص.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ذыTQ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_еM.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (со скрытым окном)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com