Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 105kblg.lnk
- C:\config.sys\sign231.txt
- C:\config.sys\wbs.txt
- C:\config.sys\hsole\wbs.txt
- C:\config.sys\hsole\dwn_rgjzcf.exe
- %TEMP%\order_oوуج.vbs
- C:\config.sys\hsole\tik_jygby.txt
- %TEMP%\order_bعч.vbs
- C:\config.sys\hsole\tik_evk.txt
- %TEMP%\order_sоزي.vbs
- C:\config.sys\hsole\tik_pnin.txt
- %TEMP%\order_geدق.vbs
- C:\config.sys\hsole\tik_ohgzp.txt
- %TEMP%\order_vkح.vbs
- C:\config.sys\hsole\tik_fprou.txt
- %TEMP%\order_ةذr.vbs
- из C:\config.sys\hsole\dwn_rgjzcf.exe в C:\config.sys\hsole\dwn_jij.exe
- DNS ASK google.com
- 'C:\config.sys\hsole\dwn_rgjzcf.exe'
- 'C:\config.sys\hsole\dwn_jij.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Oوуج.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_bعч.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_sоزي.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_GEدق.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_vkح.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ةذr.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (со скрытым окном)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_WarI.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Pе.vbs"