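Техническая информация
Ниже перечислены артефакты образца: запись автозапуска в ключе реестра Run, командные строки процессов, пути к файлам, DNS-запрос и параметры окна (ClassName/WindowName). Заголовки разделов в этом фрагменте не сохранились; повторяющиеся пути к файлам, вероятно, относятся к разным разделам исходного описания. Имя параметра 'Windows Defender Extension' и имена файлов kb50145.exe и WdExt.exe напоминают названия системных компонентов, но сами файлы расположены в профиле пользователя (%APPDATA%).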
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender Extension' = '"%APPDATA%\%USERNAME%\module_launcher.exe"'
- '%APPDATA%\%USERNAME%\kb50145.exe'
- '%APPDATA%\injector_s.exe'
- '%APPDATA%\%USERNAME%\WdExt.exe'
- '%APPDATA%\%USERNAME%\module_launcher.exe' /i 2908
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\a0x.bat" "%APPDATA%\%USERNAME%\kb50145.exe" "%TEMP%\a0x.bat""
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\Temp\%USERNAME%1.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\Temp\%USERNAME%0.bat" "
- %WINDIR%\Explorer.EXE
- %APPDATA%\%USERNAME%\module_usbdetect.dll
- %TEMP%\tmp8.tmp
- %TEMP%\tmp7.tmp
- %TEMP%\tmp6.tmp
- %APPDATA%\%USERNAME%\module_fileinfect.dll
- %APPDATA%\%USERNAME%\module_launcher.exe
- %APPDATA%\injector_s.exe
- %TEMP%\a0x.bat
- %TEMP%\tmpA.tmp
- %TEMP%\tmp9.tmp
- %APPDATA%\%USERNAME%\kb50145.exe
- %TEMP%\Sp2.tmp
- %TEMP%\Se3.tmp
- %TEMP%\tmp1.tmp
- %APPDATA%\Temp\mydll.dll
- %APPDATA%\%USERNAME%\WdExt.exe
- %TEMP%\tmp4.tmp
- %TEMP%\tmp5.tmp
- %APPDATA%\%USERNAME%\module_diskscan.dll
- %APPDATA%\%USERNAME%\module_archive.dll
- %APPDATA%\Temp\%USERNAME%0.bat
- %APPDATA%\Temp\%USERNAME%1.bat
- %TEMP%\tmp8.tmp
- %TEMP%\tmp7.tmp
- %TEMP%\tmp9.tmp
- %APPDATA%\%USERNAME%\kb50145.exe
- %TEMP%\tmpA.tmp
- %TEMP%\tmp6.tmp
- %TEMP%\Sp2.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\Se3.tmp
- %TEMP%\tmp5.tmp
- %APPDATA%\Temp\mydll.dll
- DNS ASK windowsupdate.microsoft.com
- ClassName: 'Indicator' WindowName: '(null)'