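Техническая информация
(Примечание: подзаголовки категорий в этом фрагменте, по-видимому, утрачены. Ниже подряд перечислены записи автозапуска в реестре, имена и пути файлов, сетевой адрес, идентификаторы окон (ClassName/WindowName) и командные строки процессов; повторяющиеся пути, вероятно, относятся к разным категориям исходного отчёта.)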
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DeepScan32' = '%APPDATA%\DeepScan32\DeepScan.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DeepScan32' = '\DeepScan32\DeepScan.exe'
- trillian.exe
- C:\DeepScan32\DeepScan.exe
- %APPDATA%\Imminent\Logs\26-12-2017
- %APPDATA%\Imminent\Path.dat
- %APPDATA%\DeepScan32\DeepScan.exe
- %APPDATA%\DeepScan32.exe
- %APPDATA%\1868ce0e693d18ad67f8c0f702413c50.png
- %TEMP%\deepscan32\deepscan32.exe
- %TEMP%\deepscan32\deepscan32.exe
- %APPDATA%\DeepScan32.exe
- '19#.#66.218.230':9003 (часть адреса заменена символами '#' в исходном тексте)
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%TEMP%\deepscan32\deepscan32.exe'
- '%APPDATA%\DeepScan32.exe'
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1000
- '<SYSTEM32>\taskmgr.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %APPDATA%\1868ce0e693d18ad67f8c0f702413c50.png
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "%APPDATA%\DeepScan32.exe"