Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{44F0A85B-8D87-A941-03C8-B9DF131E8AC6}' = '%APPDATA%\Ocpyy\gyyh.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\x.vbs
- <SYSTEM32>\dwwin.exe
- <SYSTEM32>\cmd.exe
- ClassName: 'OLLYDBG', WindowName: ''
- %TEMP%\tmp_4becacef.bat
- %APPDATA%\Ocpyy\gyyh.exe
- <Полный путь к файлу>
- 'pb######a66te2lm.onion.sx':80
- DNS-запрос (DNS ASK): pb######a66te2lm.onion.sx
- ClassName: 'Zeta Debugger', WindowName: ''
- ClassName: 'Rock Debugger', WindowName: ''
- ClassName: 'ObsidianGUI', WindowName: ''
- ClassName: 'Progman', WindowName: '' (класс окна оболочки Windows, а не отладчика)
- ClassName: 'WinDbgFrameClass', WindowName: ''
- ClassName: 'Immunity Debugger', WindowName: ''
- '%APPDATA%\Ocpyy\gyyh.exe'
- '<Полный путь к файлу>'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\tmp_4becacef.bat"
- '<SYSTEM32>\cmd.exe' /c echo on error resume next:CreateObject("WScript.Shell").Run "%APPDATA%\Ocpyy\gyyh.exe",1: >"%HOMEPATH%\Start Menu\Programs\Startup\x.vbs"
- '<SYSTEM32>\cmd.exe' /c echo on error resume next:CreateObject("WScript.Shell").Run "<Полный путь к файлу>",1: >"%HOMEPATH%\Start Menu\Programs\Startup\x.vbs"
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'