Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 132uhu.lnk
- C:\configration\sign231.txt
- C:\configration\wbs.txt
- C:\configration\hjdnp\wbs.txt
- C:\configration\hjdnp\dwn_jnilo.exe
- %TEMP%\order_vaغn.vbs
- C:\configration\hjdnp\tik_pfj.txt
- %TEMP%\order_gнgz.vbs
- C:\configration\hjdnp\tik_til.txt
- %TEMP%\order_eئь.vbs
- C:\configration\hjdnp\tik_kyij.txt
- %TEMP%\order_ىp.vbs
- C:\configration\hjdnp\tik_vgl.txt
- %TEMP%\order_ةةئw.vbs
- C:\configration\hjdnp\tik_pywse.txt
- %TEMP%\order_رуd.vbs
- из C:\configration\hjdnp\dwn_jnilo.exe в C:\configration\hjdnp\dwn_ryburk.exe
- DNS ASK google.com
- 'C:\configration\hjdnp\dwn_jnilo.exe'
- 'C:\configration\hjdnp\dwn_ryburk.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Vaغn.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_GнGz.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_eئь.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ىP.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ةةئw.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_رуd.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (со скрытым окном)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com