Техническая информация
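- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Wmi' = 'regsvr32 /u /s /i:c:\PerifLogs\Run.txt scrobj.dll'
  - Примечание: запись в ключе Run обеспечивает автозапуск при входе пользователя в систему; regsvr32 с scrobj.dll и параметром /i: обрабатывает указанный файл как скриптлет (MITRE ATT&CK T1547.001, T1218.010).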
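- [<HKLM>\SYSTEM\ControlSet001\Services\BITS] 'Start' = '00000002'
  - Примечание: значение Start = 2 соответствует автоматическому запуску службы BITS при загрузке системы.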
- C:\PerifLogs\Run.txt
- C:\BIT1.tmp
- C:\PerifLogs\RegText.txt
- %TEMP%\6DB3446E8D4FAEAF2612C1756FC1E48A.png
- C:\PerifLogs\wmnotwk.exe
- C:\PerifLogs\RegText.txt
- C:\BIT1.tmp
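- '18#.#0.110.12':8082
  - Примечание: адрес, по-видимому, частично скрыт символами '#' в самом отчёте, поэтому в таком виде он непригоден для блокировки или поиска по журналам; порт — 8082.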
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- 'C:\PerifLogs\wmnotwk.exe' -JXp 0
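- '<SYSTEM32>\regsvr32.exe' /u /s /i:"c:\PerifLogs\RegText.txt" scrobj.dll
  - Примечание: для обнаружения стоит отслеживать запуск regsvr32.exe с scrobj.dll и параметром /i:, указывающим на локальный файл или URL.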
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\6DB3446E8D4FAEAF2612C1756FC1E48A.png