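Техническая информация
(Подзаголовки разделов на этой странице, по-видимому, не сохранились. Ниже подряд идут: записи автозапуска в реестре, запускаемые программы и команды, пути к файлам, сетевые обращения и пары «класс окна / имя окна». Повторяющиеся пути к файлам, вероятно, относились к разным подразделам; по самому списку нельзя определить, был ли файл создан, скрыт или удалён.)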
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Scwgwy' = '%APPDATA%\Scwgwy.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '2709326733' = '%HOMEPATH%\2709326733\2709326733.EXE'
- '%WINDIR%\BillLab-29.exe'
- '%WINDIR%\BillLab-28.exe'
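- '<SYSTEM32>\reg.exe' ADd HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2709326733 /d "%HOMEPATH%\2709326733\2709326733.EXE" /f
  (Эта команда создаёт в ключе Run текущего пользователя тот же параметр автозапуска '2709326733', что указан в списке выше; ключ /f перезаписывает значение без запроса подтверждения. Написание «ADd» приведено как на странице: reg.exe не различает регистр, поэтому правила обнаружения по командной строке должны сравнивать её без учёта регистра.)
- '<SYSTEM32>\shutdown.exe' /R /T 04 /F
  (Принудительная перезагрузка через 4 секунды: /R — перезагрузка, /T 04 — задержка в секундах, /F — закрытие приложений без предупреждения пользователя. После перезагрузки срабатывают записи автозапуска из ключа Run.)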
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\2709326733\2709326733.EXE
- %APPDATA%\Scwgwy.exe
- %WINDIR%\BillLab-29.exe
- %WINDIR%\BillLab-28.exe
- %WINDIR%\BillLab-29.exe
- 'up.##aneek.net':3212
- 'ap#.##pmania.com':80
- ap#.##pmania.com/
- DNS ASK up.##aneek.net
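- DNS ASK ap#.##pmania.com
  (В сетевых индикаторах выше символы «#», по-видимому, заменяют скрытые издателем символы доменных имён, поэтому эти строки нельзя использовать как готовые записи для блокировки. Для поиска в журналах DNS и прокси подходят видимые части имён и порты 3212 и 80, но каждое совпадение нужно проверять вручную.)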
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'