Technical information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'a0f00144' = '%PROGRAMDATA%\Intel\Wireless\654f7c4\38090a4.exe %PROGRAMDATA%\Intel\Wireless\654f7c4\3f52190.au3'
- 'C:\mularskl\idhrmvrb.exe' xbxdsgnv.au3
- %WINDIR%\syswow64\notepad.exe
- C:\mularskl\idhrmvrb.exe
- C:\mularskl\pe.bin
- C:\mularskl\xbxdsgnv.au3
- %TEMP%\torrent.txt
- %PROGRAMDATA%\intel\wireless\654f7c4\3f52190.au3
- %PROGRAMDATA%\intel\wireless\654f7c4\38090a4.exe
- %PROGRAMDATA%\intel\wireless\654f7c4\pe.bin
- %PROGRAMDATA%\intel\wireless\654f7c4\3653475\4b5b0d3
- %TEMP%\torrent.txt
- C:\mularskl\xbxdsgnv.au3
- C:\mularskl\idhrmvrb.exe
- C:\mularskl\pe.bin
- DNS ASK me####orrentt.org
- DNS ASK bc.####usercontent.nl
- 'C:\mularskl\idhrmvrb.exe' xbxdsgnv.au3' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe' ' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'