Техническая информация
- %WINDIR%\Tasks\berwcx.11
- %WINDIR%\Tasks\AShldRes.dll
- %WINDIR%\Tasks\nerrry.11
- %WINDIR%\Tasks\omba123gg.exe
- %WINDIR%\Tasks\foot.dat
- %WINDIR%\Tasks\bsae.bat
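Следующие значения реестра регистрируют службу Nwsapagent с автоматическим запуском ('Start' = 2): она выполняется в процессе svchost.exe (группа netsvcs) и загружает библиотеку из %WINDIR%\tasks, а не из <SYSTEM32>. Такое нетипичное расположение ServiceDll — удобный признак при проверке системы.
- [<HKLM>\SYSTEM\ControlSet001\Services\Nwsapagent] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nwsapagent] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters] 'ServiceDll' = '%WINDIR%\tasks\AShldRes.Dll'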
- %ALLUSERSPROFILE%\Application Data\McAfee\MCLOGS\VirusScan\omba123gg\omba123gg000.log
- %WINDIR%\Tasks\berwcx.11
- %WINDIR%\Tasks\nerrry.11
- <Полный путь к файлу>
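Символ «#» не может входить в DNS-имя; по-видимому, в именах узлов ниже им замаскирована часть символов. Для точного сопоставления (например, в списках блокировки) эти записи в таком виде не годятся — ориентируйтесь на видимую часть имени и структуру URL.
- 'cl####.#oogleupdating.net':80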
- 'cl###.##ogleupdating.net':80
- http://cl####.#oogleupdating.net/82819758/00000B4000000B68/2018/11/20/0/32/11/0002393600000029
- http://cl###.##ogleupdating.net/82819758/00000B4000000B68/2018/11/20/0/32/42/0002B21F00004823
- DNS ASK cl####.#oogleupdating.net
- DNS ASK cl###.##ogleupdating.net
- '%WINDIR%\Tasks\omba123gg.exe'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\tasks\bsae.bat