Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'w32berbdnf' = '%WINDIR%\w32berb\dnf\w32berbdnf.exe' (запись автозапуска: файл запускается при каждом входе текущего пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\w32berb85962571] 'ImagePath' = '%WINDIR%\w32berb\all\85962571.sys' (запись службы Windows; ImagePath указывает на файл .sys — по всей видимости, драйвер режима ядра)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\wwttublrewochlnkpohq.bat
- '%WINDIR%\w32berb\dnf\w32berbdnf.exe'
- '%WINDIR%\w32berb\all\Syseidmmk.exe'
- '<SYSTEM32>\taskkill.exe' /f /im DNF.exe (принудительное завершение процесса DNF.exe)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\utwpqccnfrztyvovxopy.bat
- '<SYSTEM32>\taskkill.exe' /f /im <Имя файла>.exe
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berb\dnf\deleteme.bat
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\w32berbtmp\luqhvapugjydlprbadaz.bat
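- '<SYSTEM32>\attrib.exe' +s +h "%WINDIR%\w32berb" (каталогу присваиваются атрибуты «системный» и «скрытый», поэтому при настройках по умолчанию он не отображается в Проводнике)
- '<SYSTEM32>\attrib.exe' +s +h "%WINDIR%\w32berbtmp" (то же для каталога с временными .bat-файлами)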
- '<SYSTEM32>\taskkill.exe' /f /im w32berbdnf.exe
- dnf.exe
- %WINDIR%\w32berb\all\Syseidmmk.exe
- %WINDIR%\w32berb\dnf\1.jpg
- %WINDIR%\w32berbtmp\utwpqccnfrztyvovxopy.bat
- %WINDIR%\w32berb\all\85962571.sys
- %WINDIR%\w32berb\dnf\deleteme.bat
- %WINDIR%\w32berbtmp\luqhvapugjydlprbadaz.bat
- %WINDIR%\w32berbtmp\wwttublrewochlnkpohq.bat
- %WINDIR%\w32berb\dnf\w32berbdnf.exe
- %WINDIR%\w32berb\all\85962571.sys
- ClassName: '' WindowName: ''