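Техническая информация
Ниже по порядку перечислены: запись автозапуска в ветке реестра Run, пути к файлам в %APPDATA%, сетевые соединения (хост:порт), DNS-запросы (DNS ASK) и запускаемые процессы с аргументами командной строки; последняя строка (вызов reg.exe) записывает то же значение автозапуска, что указано в первой. Символы # в доменных именах, по-видимому, скрывают часть имени, поэтому при поиске в журналах DNS и прокси такие записи годятся только как шаблон, а не как точное значение.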
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KeybordDriver x86' = '"%APPDATA%\Windows Objects x86\wmimic.exe" winstart'
- %APPDATA%\Windows Objects x86\wmimic.exe
- %APPDATA%\Windows Objects x86\wmisecure.exe
- %APPDATA%\Windows Objects x86\wmisecure64.exe
- %APPDATA%\Windows Objects x86\wmihostwin.exe
- %APPDATA%\6s5d4f65ds4g65d47gfd684gfd_0027.sys
- %APPDATA%\Docs.exe
- %APPDATA%\Windows Objects x86\wmiintegrator.exe
- <Полный путь к файлу>
- 'ds###########zdf4as654fd65as4f65d4as56x1.com':443
- 'localhost':1038
- DNS ASK 13########d41h56f464d65g4df65.com
- DNS ASK c5#######b5cv4g56x4fx56d.com
- DNS ASK 21#########fg4ikyhiky4sd8f47as986d4.com
- DNS ASK ds###########zdf4as654fd65as4f65d4as56x1.com
- DNS ASK db###########df54szg65f4vsd87fa8s64df98sa.com
- '%APPDATA%\Windows Objects x86\wmimic.exe' unk3
- '%APPDATA%\Windows Objects x86\wmisecure.exe' execute
- '%APPDATA%\Windows Objects x86\wmisecure64.exe' autorun
- '%APPDATA%\Docs.exe' <Полный путь к файлу>
- '%APPDATA%\Windows Objects x86\wmiintegrator.exe' unk
- '%APPDATA%\Windows Objects x86\wmihostwin.exe' unk2
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeybordDriver x86" /t REG_SZ /d "\"%APPDATA%\Windows Objects x86\wmimic.exe\" winstart" /f