Техническая информация
- Средство контроля пользовательских учетных записей (UAC)
- %WINDIR%\syswow64\zcdebcmlojpqszetiqxuzux.zwx
- %ProgramFiles(x86)%\zcdebcmlojpqszetiqxuzux.zwx
- %LOCALAPPDATA%\zcdebcmlojpqszetiqxuzux.zwx
- %WINDIR%\zcdebcmlojpqszetiqxuzux.zwx
- %TEMP%\zcdebcmlojpqszetiqxuzux.zwx
- <Текущая директория>\zcdebcmlojpqszetiqxuzux.zwx
- %TEMP%\bmvejskrc.exe
- <Текущая директория>\wc_drop.exe
- 'fa###ook.com':80
- 'wh###smyip.org':80
- 'wh#####yipaddress.com':80
- 'wh###smyip.com':80
- 'my##ace.com':80
- http://www.fa###ook.com
- http://www.wh###smyip.org/
- http://wh#####yipaddress.com/
- http://www.wh###smyip.com/
- http://www.my##ace.com
- DNS ASK fa###ook.com
- DNS ASK wh#####yipaddress.com
- DNS ASK wh###smyip.org
- DNS ASK wh###smyip.com
- DNS ASK wh#####yip.everdot.org
- DNS ASK wh###smyip.ca
- DNS ASK my##ace.com
- '%TEMP%\bmvejskrc.exe' -
- '%WINDIR%\syswow64\takeown.exe' /f "%ProgramFiles(x86)%\\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c pause
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%TEMP%\bmvejskrc.exe"
- '%WINDIR%\syswow64\takeown.exe' /f "%ProgramFiles(x86)%\\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"