Техническая информация (technical indicators: autorun registry values, dropped files and launched processes, and network activity; the runs of `#` in the domain and request paths appear to be masking applied by the source rather than literal values)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jrd' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- %TEMP%\ratr.exe
- %TEMP%\fudddd.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- <SYSTEM32>\wscript.exe "%TEMP%\Mp3Aio.vbs"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- %TEMP%\Mp3Aio.vbs
- %TEMP%\windefender.exe.jpg
- %APPDATA%\jrd.tempcodec
- %TEMP%\fudddd.exe
- %TEMP%\ratr.exe
- %TEMP%\Mp3Aio.vbs
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe в %APPDATA%\windefender.exe
- 'w0#m.co':80
- w0#m.co/bots/cmd.php?ke##############################
- w0#m.co/bots/alive.php?ke####################################################################################
- DNS ASK w0#m.co
- ClassName: 'Indicator' WindowName: ''