Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = '%TEMP%\Media\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- %TEMP%\media\g0v8y18qoryno2i0rs6w.exe
- %TEMP%\media\l3wiwftqxfxzo7vx71uphddr3ilope.vbs
- %TEMP%\media\mnsarkjkmvh88sojqi3gcvg0cqirxw.bat
- %TEMP%\media\dsh3u8kqd5tlughooxjefg1o7bwptd.bat
- %TEMP%\media\vmcheck32.dll
- %TEMP%\media\fontreview.exe
- %TEMP%\media\system.vbe
- %TEMP%\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- %TEMP%\media\winlog.lnk
- DNS ASK da########lrat.000webhostapp.com
- DNS ASK ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Media\L3WiwftqxFXZo7vX71UPhDDr3ilope.vbs"
- '%TEMP%\media\g0v8y18qoryno2i0rs6w.exe' -p262c440d4ba7b8668f7115f4298412d108302b7c
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\Media\System.vbe"
- '%TEMP%\media\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Media\MnSarkjKmVh88SOJQi3gcVG0cQiRxW.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Media\Dsh3U8Kqd5tLUGhooXjEfg1O7bwpTD.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Media\MnSarkjKmVh88SOJQi3gcVG0cQiRxW.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\Media\Dsh3U8Kqd5tLUGhooXjEfg1O7bwpTD.bat" "