Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'DeviceParinWizard' = '%TEMP%\DellDrve\DeviceParinWizard.exe' (ключ автозапуска: указанный файл запускается при входе пользователя в систему)
- %TEMP%\DellDrve\DeviceParinWizard.exe
- <Текущая директория>\AutoRunApp.vbs
- %TEMP%\DellDrve\help_32_64.exe
- %TEMP%\DellDrve\1.txt
- <Текущая директория>\AutoRunApp.vbs
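- 'co###xmr.xyz':6789 (судя по параметру -o в командной строке help_32_64.exe ниже, это адрес майнинг-пула colorxmr.xyz:6789)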
- '12#.#25.114.144':80
- http://www.ba##u.com/ via 12#.#25.114.144
- DNS ASK co###xmr.xyz
- DNS ASK www.ba##u.com
- ClassName: '' WindowName: ''
- '<SYSTEM32>\wscript.exe' "<Текущая директория>\AutoRunApp.vbs"
- '%TEMP%\DellDrve\help_32_64.exe' --donate-level 1 --max-cpu-usage 75 -o colorxmr.xyz:6789 -u 472699MqbEvgq4MA4ismnac2z4huFwZStFDcoAxXWKGs4QWsf6pWdxzGpLGzqGuSd8TBaraaGctshYFELuUp5QJ222vtbRE -p x -k
- '<SYSTEM32>\cmd.exe' /c %TEMP%\DellDrve\help_32_64.exe --donate-level 1 --max-cpu-usage 75 -o colorxmr.xyz:6789 -u 472699MqbEvgq4MA4ismnac2z4huFwZStFDcoAxXWKGs4QWsf6pWdxzGpLGzqGuSd8TBaraaGctshYFELuUp5QJ222vtbRE -p ...