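Техническая информация
Ниже перечислены артефакты образца: пути к файлам, сетевые обращения, класс окна и командные строки процессов. Подзаголовки разделов на странице не сохранились, поэтому по самому списку нельзя определить, был ли конкретный файл создан, изменён или запущен. Символы # в IP-адресах, по-видимому, скрывают часть цифр; значения приведены в том виде, в каком они даны в источнике. Для обнаружения показательны запуск исполняемых файлов из %TEMP% через cmd.exe /C и вызов cscript.exe с движком JScript для файла с расширением .tmp.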
- %WINDIR%\syswow64\rundll32.exe
- %TEMP%\sangforvpn.exe
- %TEMP%\easyconnectinstall.exe
- %APPDATA%\easyconnect_28574\easyconnectinstallerraw.exe
- %TEMP%\nspb8c8.tmp
- %TEMP%\nsfb8d9.tmp\system.dll
- %TEMP%\sangforvpn.tmp
- http://19#.###.10.125:65530/pbc.js via 19#.#12.10.125
- http://19#.###.10.125:65533/pixel via 19#.#12.10.125
- ClassName: 'MozillaWindowClass' WindowName: ''
- '%TEMP%\sangforvpn.exe'
- '%TEMP%\easyconnectinstall.exe'
- '%APPDATA%\easyconnect_28574\easyconnectinstallerraw.exe'
- '%WINDIR%\syswow64\cmd.exe' /C %TEMP%\\sangforVPN.exe
- '%WINDIR%\syswow64\cmd.exe' /C %TEMP%\\EasyConnectInstall.exe
- '<SYSTEM32>\cscript.exe' /B /e:JScript %TEMP%\/sangforvpn.tmp
- '%WINDIR%\syswow64\rundll32.exe'