Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\pre-setting 470ztfibq.lnk
- C:\config.sys\sign231.txt
- C:\config.sys\wbs.txt
- C:\config.sys\xghtpd\wbs.txt
- C:\config.sys\xghtpd\dwn_wzidvdm.exe
- %TEMP%\order_jlx.vbs
- C:\config.sys\xghtpd\tik_lotsr.txt
- %TEMP%\order_ыق.vbs
- C:\config.sys\xghtpd\tik_wkxg.txt
- %TEMP%\order_cb.vbs
- C:\config.sys\xghtpd\tik_jubqjn.txt
- %TEMP%\order_وqгd.vbs
- C:\config.sys\xghtpd\tik_jggfhw.txt
- %TEMP%\order_jр.vbs
- C:\config.sys\xghtpd\tik_krqk.txt
- %TEMP%\order_lخx.vbs
- C:\config.sys\xghtpd\dwn_wzidvdm.exe в C:\config.sys\xghtpd\dwn_yvxe.exe
- DNS ASK google.com
- 'C:\config.sys\xghtpd\dwn_wzidvdm.exe'
- 'C:\config.sys\xghtpd\dwn_yvxe.exe'
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_JLx.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_ыق.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_Cb.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_وqгD.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_jр.vbs"
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_lخx.vbs"
- '<SYSTEM32>\ping.exe' -n 1 www.google.com (со скрытым окном)
- '<SYSTEM32>\ping.exe' -n 1 www.google.com
- '<SYSTEM32>\wscript.exe' "%TEMP%\order_زаDг.vbs"