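Техническая информация
Заголовки разделов исходного отчёта в этом списке не сохранились, поэтому повторяющиеся пути, вероятно, относятся к разным разделам. Символы «#» в доменных именах и DNS-запросах — по-видимому, маска, поставленная при публикации: такие записи нельзя использовать как точные индикаторы для блокировки или поиска.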
- %APPDATA%\microsoft\windows\start menu\programs\startup\szjbqqszym.url
- sollevando.exe.com
- %TEMP%\ixp000.tmp\tocca.flv
- %TEMP%\ixp000.tmp\inganna.flv
- %TEMP%\ixp000.tmp\pochi.flv
- %TEMP%\ixp000.tmp\lavorato.flv
- %TEMP%\ixp000.tmp\sollevando.exe.com
- %TEMP%\ixp000.tmp\p
- %APPDATA%\mmiibmkryf\z
- %APPDATA%\mmiibmkryf\szjbqqszym.exe.com
- %APPDATA%\mmiibmkryf\pochi.flv
- %APPDATA%\mmiibmkryf\mshwuyzpool.js
- %TEMP%\ixp000.tmp\p
- %TEMP%\ixp000.tmp\pochi.flv
- %TEMP%\ixp000.tmp\lavorato.flv
- %TEMP%\ixp000.tmp\inganna.flv
- %TEMP%\ixp000.tmp\tocca.flv
- %TEMP%\ixp000.tmp\sollevando.exe.com
- 'ip###ger.org':80
- 'ip###ger.org':443
- 'oc##.#ectigo.com':80
- http://ip###ger.org/1Wqqp7
- http://oc##.#ectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEGmjTouN%2FW5s3CDseaiw7qE%3D
- 'ip###ger.org':443
- DNS ASK jO##########LbliyqGnb.jOduIfTqIUBGLbliyqGnb
- DNS ASK ip###ger.org
- DNS ASK oc##.#ectigo.com
- '%TEMP%\ixp000.tmp\sollevando.exe.com' p
- '<SYSTEM32>\cmd.exe' /c cmd < Lavorato.flv (со скрытым окном)
- '<SYSTEM32>\dllhost.exe' (со скрытым окном)
- '<SYSTEM32>\dllhost.exe'
- '<SYSTEM32>\cmd.exe' /c cmd < Lavorato.flv
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\findstr.exe' /V /R "^DAGQRwZMxODGzDBMLnPGlmBKhjHNIkrmXMjWTFQybgMAasvRBRslqdztYWCFzjroLtIHsFTuIJoVMwaVQQjRUTnHaoXXekLkkDPgJOAVXlBsinsXEHPDZjg$" Tocca.flv
- '<SYSTEM32>\ping.exe' localhost