Техническая информация
- '%WINDIR%\syswow64\at.exe'
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %APPDATA%\opera software\opera stable\login data
- %APPDATA%\mozilla\firefox\profiles.ini
- %TEMP%\7zipsfx.000\avevano.gif
- %TEMP%\7zipsfx.000\carne.gif
- %TEMP%\7zipsfx.000\trasporta.gif
- %TEMP%\7zipsfx.000\raccontero.exe.pif
- %TEMP%\7zipsfx.000\aefdolfsztz.dll
- %TEMP%\7zipsfx.000\k
- %TEMP%\7zipsfx.000\trasporta.gif в %TEMP%\7zipsfx.000\k
- DNS ASK Om#########tGFzQbY.OmOiJzgpGsOtGFzQbY
- DNS ASK ry###i61.top
- '%TEMP%\7zipsfx.000\raccontero.exe.pif' K
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Avevano.gif (со скрытым окном)
- '%WINDIR%\syswow64\at.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c cmd < Avevano.gif
- '%WINDIR%\syswow64\cmd.exe'
- '%WINDIR%\syswow64\tasklist.exe' /FI "imagename eq BullGuardCore.exe"
- '%WINDIR%\syswow64\find.exe' /I /N "bullguardcore.exe"
- '%WINDIR%\syswow64\tasklist.exe' /FI "imagename eq PSUAService.exe"
- '%WINDIR%\syswow64\find.exe' /I /N "psuaservice.exe"
- '%WINDIR%\syswow64\findstr.exe' /V /R "^cBzXAcIxlZxBLrudJZEKMEfMBLjYIUHiiHpsEFkbFNOHlqzCFfAVWViQkHvPoKMfajztUOLrNitYQIBAaJazxLkjAayXovgVqngYHgIQDviPQoqDyWvmsaVGquEBIOVsSpYszDSrqBPY$" Carne.gif
- '%WINDIR%\syswow64\waitfor.exe' /t 5 VptJeRkGyRWw