Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Jklmno Qrstuvwx Abc] 'ImagePath' = '%WINDIR%\kkwgks.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Jklmno Qrstuvwx Abc] 'Start' = '00000002' (тип запуска службы 2 — автоматически при загрузке системы)
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
- %WINDIR%\kkwgks.exe
- %APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\0.exe
- %APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\1.exe
- %APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\1.exe
- %APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\0.exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch (файл перемещается под имя без суффикса .new)
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch (файл перемещается под имя без суффикса .new)
- 'ca####05.codns.com':5553
- DNS ASK ca####05.codns.com
- '%WINDIR%\kkwgks.exe'
- '%APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\0.exe'
- '<SYSTEM32>\cmd.exe' /c del %APPDATA%\[LegondsDrop] ce83fe68034b45a6b2da9c4afef410ef\0.exe > nul (команда удаления файла 0.exe; вывод перенаправлен в nul)