Техническая информация
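- Автозапуск через раздел реестра Run (срабатывает при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- Автозапуск через папку автозагрузки: %HOMEPATH%\start menu\programs\startup\system.lnk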
- C:\media\sytw6ajypcs31cx5fyjl.exe
- C:\media\fqlphqcj2lhv1qs6xzu6zfneyzw0gz.vbs
- C:\media\sm5ouefoxuvmkkqivdrl5kz2v1m7zz.bat
- C:\media\hisbnjl1tauqj5qowdrpo2ybmi6j13.bat
- C:\media\vmcheck32.dll
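- C:\media\svchosts.exe (имя похоже на системный svchost.exe, но отличается лишней буквой «s» и расположением вне <SYSTEM32>)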
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\my documents\my pictures\bkphst32.exe
- DNS-запрос (DNS ASK): bi###hlen.ml
- DNS-запрос (DNS ASK): ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\Media\fqLPHqCJ2lhv1qs6XZu6zfnEyZW0gZ.vbs"
- 'C:\media\sytw6ajypcs31cx5fyjl.exe' -pcf78da8a99e4a0e5bd671e04f9fca652e6fa1228
- '<SYSTEM32>\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\svchosts.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\Sm5oueFOxUVmkkQIVDrL5kz2v1m7zz.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\HISBNjl1TAUQj5QowDRPO2YbmI6J13.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\Sm5oueFOxUVmkkQIVDrL5kz2v1m7zz.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\HISBNjl1TAUQj5QowDRPO2YbmI6J13.bat" "