Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lAJUQegRrF' = 'C:\Users\Public\lAJUQegRrF.vbs'
- <SYSTEM32>\svchost.exe
- %TEMP%\nhc.exe
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- %TEMP%\ol.exe
- %WINDIR%\temp\scs3.tmp
- %WINDIR%\temp\scs4.tmp
- %HOMEPATH%\appmon\bisrv.bat
- %WINDIR%\temp\scs1.tmp
- %WINDIR%\temp\scs2.tmp
- %WINDIR%\temp\scs3.tmp
- %WINDIR%\temp\scs4.tmp
- 'kw####.duckdns.org':3852
- http://www.hl##co.xyz/nhc.exe
- http://www.hl##co.xyz/cgi-sys/suspendedpage.cgi
- http://www.hl##co.xyz/OL.exe
- DNS ASK hl##co.xyz
- DNS ASK kw####.duckdns.org
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fc0.fc4.360001'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-fdc.fe0.370002'
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\ntvdm.exe' -f -i2
- '<SYSTEM32>\svchost.exe'