Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 404fch.lnk
- C:\config.sys\sign231.txt
- C:\config.sys\wbs.txt
- C:\config.sys\ncrted\wbs.txt
- C:\config.sys\ncrted\dwn_nvsdk.exe
- %TEMP%\order_ug.vbs
- %TEMP%\order_gqm.vbs
- C:\config.sys\ncrted\tik_avn.txt
- C:\config.sys\ncrted\tik_pme.txt
- %TEMP%\order_fqчy.vbs
- C:\config.sys\ncrted\tik_ldmyp.txt
- %TEMP%\order_uщ.vbs
- C:\config.sys\ncrted\tik_nyag.txt
- %TEMP%\order_فkشp.vbs
- C:\config.sys\ncrted\tik_gespi.txt
- %TEMP%\order_ءفhl.vbs
- из C:\config.sys\ncrted\dwn_nvsdk.exe в C:\config.sys\ncrted\dwn_hmcg.exe
- DNS ASK google.com
- 'C:\config.sys\ncrted\dwn_nvsdk.exe'
- 'C:\config.sys\ncrted\dwn_hmcg.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_uG.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_gQm.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_fQчy.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_uщ.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_فkشp.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ءفhl.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (со скрытым окном)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Zuىة.vbs"