Техническая информация
- %APPDATA%\tyhgfds.exe
- %TEMP%\tgrfedc.txt
- %PROGRAMDATA%\hrdwqjbihu\8372422.txt
- %PROGRAMDATA%\hrdwqjbihu\files\_information.txt
- %PROGRAMDATA%\hrdwqjbihu\46173476.txt
- %PROGRAMDATA%\hrdwqjbihu\nl_2020_06_14___14_37___vxejdv_95.211.190.199.zip
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %PROGRAMDATA%\hrdwqjbihu\46173476.txt
- %PROGRAMDATA%\hrdwqjbihu\8372422.txt
- %APPDATA%\tyhgfds.exe
- http://rr###ad06.top/download.php?fi########
- http://rr###ad06.top/downfiles/6.exe
- http://ip##pi.com/line/
- http://ip##pi.com/line
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK rr###ad06.top
- DNS ASK ip##pi.com
- DNS ASK ip###ger.org
- DNS ASK microsoft.com
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к файлу>'
- '%APPDATA%\tyhgfds.exe'
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %PROGRAMDATA%\hrdwqjbihu & timeout 2 & del /f /q "%APPDATA%\tyhgfds.exe"' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %PROGRAMDATA%\hrdwqjbihu & timeout 2 & del /f /q "%APPDATA%\tyhgfds.exe"
- '%WINDIR%\syswow64\timeout.exe' 2