Техническая информация
- %HOMEPATH%\bmtyjfacbnuw.exe
- %HOMEPATH%\filename.exe
- %HOMEPATH%\startupname.vbs
- %TEMP%\dw.log
- %TEMP%\13f14f.dmp
- %HOMEPATH%\startupname.vbs
- http://ch#####.amazonaws.com/
- DNS ASK ch#####.amazonaws.com
- '%HOMEPATH%\bmtyjfacbnuw.exe'
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\startupname.vbs
- '<SYSTEM32>\cscript.exe' //B //Nologo %HOMEPATH%\startupname.vbs (со скрытым окном)
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 956
- '<SYSTEM32>\reg.exe' add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f (запрещает использование командной строки для текущего пользователя)
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f (запрещает запуск Диспетчера задач для текущего пользователя)