Техническая информация
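- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- Файл в папке автозагрузки пользователя (запускается при входе в систему): %HOMEPATH%\start menu\programs\startup\system.lnk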
- C:\media\eivcb2kgu9s8ry282i2a.exe
- C:\media\system.vbe
- C:\media\fontreview.exe
- C:\media\vmcheck32.dll
- C:\media\opddt5qmipyy1cwbklkall5bjsz0rv.bat
- C:\media\mailer.dll
- C:\media\watchdog.data
- C:\media\system.lnk
- C:\media\starter.exe
- C:\media\dogs\securityhealthservice.exe
- C:\media\dogs\runtime broker.exe
- C:\media\dogs\adobe quikinstall.exe
- C:\media\autopass.dll
- C:\media\n7v3vfwzgdgyhehkgkrsgdvvb09obt.bat
- C:\media\bhfvvom2nysgoz7n8ewl1gge9gaqps.vbs
- C:\media\dogs\yourphone.exe
- %HOMEPATH%\my documents\my pictures\bkphst32.exe
- DNS-запрос (DNS ASK): fo####s.beget.tech
- DNS-запрос (DNS ASK): ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\Media\BHFvVOm2NYsgoz7N8ewL1ggE9gAqps.vbs"
- 'C:\media\eivcb2kgu9s8ry282i2a.exe' -p8bb58230edb3360c8af25e817a48bb4de272c158
- '<SYSTEM32>\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\N7v3VfwZGdgYhEHkGKrSgDvvB09oBt.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\opDdt5QMIpyy1CWbklkAlL5bjSZ0RV.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\N7v3VfwZGdgYhEHkGKrSgDvvB09oBt.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\opDdt5QMIpyy1CWbklkAlL5bjSZ0RV.bat" "