Technical information
- '' (downloaded from the Internet)
- 'C:\users\public\7654333.exe'
- %WINDIR%\syswow64\attrib.exe
- C:\users\public\7654333.exe
- %TEMP%\ixp000.tmp\rsazhe.com
- %TEMP%\ixp000.tmp\tlw.com
- %TEMP%\ixp000.tmp\ucaa.com
- %TEMP%\ixp000.tmp\searchindexer.com
- %TEMP%\ixp000.tmp\a
- %TEMP%\ixp000.tmp\rsazhe.com
- %TEMP%\ixp000.tmp\a
- %TEMP%\ixp000.tmp\ucaa.com
- %TEMP%\ixp000.tmp\tlw.com
- %TEMP%\ixp000.tmp\searchindexer.com
- http://bi#.ly/2WimDUm
- DNS ASK bi#.ly
- DNS ASK u.##knik.io
- DNS ASK un######WItHP.unuvAXTLWItHP
- DNS ASK st####.rapidssl.com
- '%TEMP%\ixp000.tmp\searchindexer.com' A
- '%WINDIR%\syswow64\cmd.exe' /c <nul set /p ="M" > SearchIndexer.com & type RSAzhE.com >> SearchIndexer.com & del RSAzhE.com & certutil -decode TLW.com A & SearchIndexer.com A & ping 127.0.0.1 -n 3' (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\cmd.exe' /c <nul set /p ="M" > SearchIndexer.com & type RSAzhE.com >> SearchIndexer.com & del RSAzhE.com & certutil -decode TLW.com A & SearchIndexer.com A & ping 127.0.0.1 -n 3
- '%WINDIR%\syswow64\certutil.exe' -decode TLW.com A
- '%WINDIR%\syswow64\ping.exe' 127.0.0.1 -n 3