Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1579703444a5d397a491c60a5505be31' = '"%TEMP%\server.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1579703444a5d397a491c60a5505be31' = '"%TEMP%\server.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\1579703444a5d397a491c60a5505be31.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE
- %TEMP%\nso8f57.tmp\sibuia.dll
- %TEMP%\sib9081.tmp\sibca.dll
- %TEMP%\sib9081.tmp\sibclr.dll
- %TEMP%\sib9081.tmp\0\server.rummage.exe
- %TEMP%\e653d73e45833b6c
- %TEMP%\server.exe
- %PROGRAMDATA%\sib\{3335675f-1000-4511-ad87-86976882759e}\sib.dat
- %PROGRAMDATA%\sib\{3335675f-1000-4511-ad87-86976882759e}\sibclr.dll
- %PROGRAMDATA%\sib\{3335675f-1000-4511-ad87-86976882759e}\sibca.dll
- http://www.go#####analytics.com/collect
- DNS ASK go#####analytics.com
- DNS ASK aa####212.ddns.net
- '%TEMP%\sib9081.tmp\0\server.rummage.exe' hackkk1
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE (with hidden window)