Техническая информация
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Images' = '%PROGRAMDATA%\images.exe'
- %WINDIR%\explorer.exe
- %TEMP%\mnbdf.exe
- %APPDATA%\efsdgrfsdaefv.exe
- %PROGRAMDATA%\images.exe
- %TEMP%\dal.exe
- %APPDATA%\efsdgrfsdaefv.exe
- %TEMP%\dal.exe
- '18#.#51.38.114':5200
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\mnbdf.exe' -s -psfghrykjrsetdrfhjryuygs
- '%APPDATA%\efsdgrfsdaefv.exe'
- '%PROGRAMDATA%\images.exe'
- '%TEMP%\dal.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\ (со скрытым окном; команда добавляет весь диск C:\ в исключения проверки Microsoft Defender)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\