Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Manager' = '%WINDIR%\M-505023097679492592038048603020\winmgr.exe' (ключ автозапуска: запуск при входе в систему любого пользователя)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Manager' = '%WINDIR%\M-505023097679492592038048603020\winmgr.exe' (ключ автозапуска: запуск при входе в систему текущего пользователя)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\M-505023097679492592038048603020\winmgr.exe' = '%WINDIR%\... (запись в списке разрешённых приложений брандмауэра Windows, профиль StandardProfile)
- %WINDIR%\m-505023097679492592038048603020\winmgr.exe
- %TEMP%\nwjbkmckvv.bat
- %WINDIR%\m-505023097679492592038048603020\winmgr.exe
- '22#.#81.87.80':80
- '22#.#81.87.80':5050
- DNS ASK ae#####epgfiaeirod.ru
- DNS ASK wu#####ozoueztuzqe.ru
- DNS ASK wd#####oouaklzwudo.ru
- DNS ASK ab#####zduroowdufa.ru
- DNS ASK op#####rwueodhsheu.ru
- '%WINDIR%\m-505023097679492592038048603020\winmgr.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nwjbkmckvv.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nwjbkmckvv.bat" "