Техническая информация
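Изменения в реестре — автозапуск через ключ Run текущего пользователя. Имена параметров 'scrss' и 'Wininit' похожи на названия системных процессов Windows, но значения указывают на ярлыки (.lnk) вне системных каталогов:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'scrss' = '%APPDATA%\dotNET.lnk'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Wininit' = 'C:\Sysdll32.lnk'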
Файлы в папке автозагрузки пользователя:
- %APPDATA%\microsoft\windows\start menu\programs\startup\dotnet.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\sysdll32.lnk
- %TEMP%\mnb.exe
- %APPDATA%\daaca.exe
- %APPDATA%\dfsds.exe
- %APPDATA%\fsdffc.exe
- %APPDATA%\csrss.exe
- %APPDATA%\dotnet.lnk
- C:\daaca.exe
- C:\sysdll32.lnk
- %TEMP%\dal.exe
- %TEMP%\mnb.exe
- %APPDATA%\daaca.exe
- %APPDATA%\dfsds.exe
- %APPDATA%\fsdffc.exe
- %TEMP%\dal.exe
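Сетевая активность — сетевой адрес с портом и DNS-запросы (часть адреса и имени домена в записи скрыта символами «#»):
- '80.##.202.63':25998
- DNS ASK google-public-dns-a.google.com
- DNS ASK do###o.online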
- ClassName: 'EDIT' WindowName: ''
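Командные строки процессов (csrss.exe здесь расположен в %APPDATA%, а не в системном каталоге Windows):
- '%TEMP%\mnb.exe' -s -psfghrykjrsetdrfhjryuygs
- '%APPDATA%\fsdffc.exe'
- '%APPDATA%\dfsds.exe'
- '%APPDATA%\daaca.exe'
- '%APPDATA%\csrss.exe'
- '%TEMP%\dal.exe'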