Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = '%TEMP%\Drivers\System.lnk' (автозапуск при входе пользователя в систему; значение указывает на ярлык в каталоге %TEMP%)
- %HOMEPATH%\start menu\programs\startup\system.lnk
- %TEMP%\drivers\mf0stq7idmqthgwxvgvb.exe
- %TEMP%\drivers\svgcqwbk6gsjzcjqmthysaecmh4fat.vbs
- %TEMP%\drivers\skae20a7bjjfu4my1e4iqtfgjpkw09.bat
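- %TEMP%\drivers\windows defender.exe (имя совпадает с названием штатного компонента Windows, однако файл расположен в %TEMP% — по-видимому, маскировка)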
- %TEMP%\drivers\ipbbipdm6akhq55d1eesm3h6skqxs2.bat
- %TEMP%\drivers\vmcheck32.dll
- %TEMP%\drivers\calculator.exe
- %TEMP%\drivers\system.vbe
- %TEMP%\drivers\system.lnk
- %HOMEPATH%\my documents\my pictures\bkphst32.exe
- DNS ASK ch########rivate.000webhostapp.com (DNS-запрос; часть имени узла заменена символами «#» на самой странице)
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "%TEMP%\Drivers\SVGcQWbK6gSJZCJqmThYSAeCmh4FAT.vbs"
- '%TEMP%\drivers\mf0stq7idmqthgwxvgvb.exe' -p4792fdf59d983d4e62bd2b7bb65715c4f301a67d
- '<SYSTEM32>\wscript.exe' "%TEMP%\Drivers\System.vbe"
- '%TEMP%\drivers\calculator.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Drivers\SkAe20A7bjJFU4MY1e4IQtfgjpKw09.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Drivers\IPBBipDm6AkHQ55D1eesM3h6sKQxS2.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Drivers\SkAe20A7bjJFU4MY1e4IQtfgjpKw09.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Drivers\IPBBipDm6AkHQ55D1eesM3h6sKQxS2.bat" "