Техническая информация
- Автозапуск через раздел реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- Автозапуск через папку автозагрузки: %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- Автозапуск через папку автозагрузки: %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- Автозапуск через папку автозагрузки: %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\suool4pxjehyvl4bjclq.exe
- C:\media\cdz3twdw9lfqwhvzfw64gby0faxrtp.vbs
- C:\media\hd8m7gugxnjfurrkqe7uspcfyufwpv.bat
- C:\media\6puatmyiusbu5c5ltnei2ct5w4wh6g.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
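- DNS-запрос (DNS ASK): ho######847.hostland.pro (часть имени узла скрыта символами «#», поэтому для точного сопоставления индикатор неполон)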
- ClassName: 'EDIT' WindowName: ''
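- '<SYSTEM32>\wscript.exe' "C:\Media\cdZ3TWdW9lFQwHVzfw64GBy0FaXrtp.vbs" (тот же путь в списке файлов выше записан в нижнем регистре; при поиске по индикаторам пути следует сравнивать без учёта регистра)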
- 'C:\media\suool4pxjehyvl4bjclq.exe' -pfcf908cb081ab1ff2909b3d685ccfa1b245aa233
- '<SYSTEM32>\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\hd8M7gUgxnjFurrkQE7uspcFyuFWpV.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\6PuATMyIusBu5C5LTNeI2Ct5W4Wh6G.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\hd8M7gUgxnjFurrkQE7uspcFyuFWpV.bat" "
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\6PuATMyIusBu5C5LTNeI2Ct5W4Wh6G.bat" "