Техническая информация
- '%WINDIR%\syswow64\taskkill.exe' /f /im uu.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im uu_ball.exe
- C:\onerun.bat
- %TEMP%\yzd.dll
- <Текущая директория>\cloudx4063.ip
- <Текущая директория>\cloudx4063.ip
- '10#.#6.13.252':511
- '10#.#6.14.89':300
- '10#.#6.137.245':300
- '10#.#6.14.90':300
- '12#.#6.62.76':3389
- '10#.#6.137.243':300
- '11#.#2.134.38':3389
- '12#.#.147.105':8800
- 'localhost':49187
- '10#.#6.13.231':300
- '10#.#6.13.225':300
- DNS ASK re##.#sasnet.net
- DNS ASK re##.#sasnet.com
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c C:\onerun.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c C:\onerun.bat
- '%WINDIR%\syswow64\reg.exe' delete HKEY_CURRENT_USER\Software\Netease /f
- '%WINDIR%\syswow64\reg.exe' delete HKEY_CURRENT_USER\Software\Netease\NeteaseGacc /f
- '%WINDIR%\syswow64\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netease /f
- '%WINDIR%\syswow64\reg.exe' delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netease\NeteaseGacc /f