Technical information
- <SYSTEM32>\tasks\active
- %TEMP%\kk.exe
- %TEMP%\letsvpn.exe
- %TEMP%\nsv2ab8.tmp\system.dll
- %TEMP%\nsv2ab8.tmp\modern-header.bmp
- %TEMP%\nsv2ab8.tmp\modern-wizard.bmp
- %TEMP%\nsv2ab8.tmp\nsdialogs.dll
- C:\users\public\pictures\41002\act.exe
- C:\users\public\videos\lsp.exe
- C:\users\public\pictures\41002\ttvip.exe
- C:\users\public\pictures\41002\libcef.dll
- C:\users\public\pictures\41002\act.exe
- C:\users\public\videos\lsp.exe
- C:\users\public\pictures\41002\act.exe to %TEMP%\1030464\....\temporaryfile
- %TEMP%\kk.exe to %TEMP%\_@ba0b.tmp
- '2.###angm.com':83
- '11##.#elegramh.net':1122
- http://2.####ngm.com:83/lsp/act.ocx via 2.###angm.com
- http://2.####ngm.com:83/lsp/1121.ocx via 2.###angm.com
- http://2.####ngm.com:83/lsp/aa.ocx via 2.###angm.com
- http://2.####ngm.com:83/lsp/libcef.dll via 2.###angm.com
- DNS ASK 2.###angm.com
- DNS ASK 11##.#elegramh.net
- '%TEMP%\kk.exe'
- '%TEMP%\letsvpn.exe'
- 'C:\users\public\pictures\41002\act.exe' 6 23321 fds01234fs56789123afds
- 'C:\users\public\videos\lsp.exe'
- 'C:\users\public\pictures\41002\act.exe' 6 23321 fds01234fs56789123afds' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONLOGON /TN active /F /RL HIGHEST /TR C:\Users\Public\Pictures\41002\ttvip.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /Create /SC ONLOGON /TN active /F /RL HIGHEST /TR C:\Users\Public\Pictures\41002\ttvip.exe