Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\ cnews.vbs (каталог автозагрузки пользователя: файлы из него запускаются при каждом входе в систему)
- %APPDATA%\microsoft\windows\start menu\ v.ps1
- %TEMP%\is-8b0an.tmp\uninstall.png
- %TEMP%\is-8b0an.tmp\install.png
- %TEMP%\is-8b0an.tmp\exit.png
- %TEMP%\is-8b0an.tmp\autorun1.jpg
- %TEMP%\is-8b0an.tmp\setup1.jpg
- %TEMP%\is-8b0an.tmp\lockscreen.jpg
- %TEMP%\is-8b0an.tmp\tile1_background.jpg
- %TEMP%\is-8b0an.tmp\light.png
- %TEMP%\is-8b0an.tmp\botva2.dll
- %TEMP%\is-8b0an.tmp\isdone.dll
- %TEMP%\is-8b0an.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-8b0an.tmp\_isetup\_setup64.tmp
- %TEMP%\is-6cvpr.tmp\musicp.tmp
- %HOMEPATH%\musicp.exe
- %TEMP%\is-8b0an.tmp\dark.png
- %TEMP%\is-8b0an.tmp\tile1_icon1.png
- 'sh######est.myiphost.com':1995
- 'dl.#####oxusercontent.com':443
- DNS ASK dl.#####oxusercontent.com
- DNS ASK sh######est.myiphost.com
- '%HOMEPATH%\musicp.exe'
- '%TEMP%\is-6cvpr.tmp\musicp.tmp' /SL5="$6022A,6222094,174080,%HOMEPATH%\MusicP.exe"
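- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file "%APPDATA%\Microsoft\Windows\Start Menu\ v.ps1" (со скрытым окном; -windo 1 и -exec bypass — сокращённые формы параметров -WindowStyle Hidden и -ExecutionPolicy Bypass, поэтому правила обнаружения, рассчитанные только на полные имена параметров, такую командную строку пропустят)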
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ cnews.vbs"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -windo 1 -noexit -exec bypass -file "%APPDATA%\Microsoft\Windows\Start Menu\ v.ps1"