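Техническая информация
Ниже перечислены артефакты в том порядке, в каком они приведены на странице: запись автозапуска в ключе реестра Run и ярлыки в папке автозагрузки, пути к файлам, параметры окна (класс и заголовок) и командные строки процессов. Заголовки разделов в этой копии отсутствуют, поэтому по самому списку нельзя определить, какая операция выполнялась над каждым файлом (создание, изменение, перемещение или удаление).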
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\kq0tpztzbrhtnlowa7ne.exe
- C:\media\im6prin1hl9d3nimcq5cjsgrqsdeap.vbs
- C:\media\q9cwlcrcho6i0oqfd7knwlz3vxamdk.bat
- C:\media\kol7pnitm8ay1s11t6u5tlwlupbjrz.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\Im6PriN1hL9d3NiMcQ5cJSGRqSdEaP.vbs"
- 'C:\media\kq0tpztzbrhtnlowa7ne.exe' -p23b5643ae381d6adc7646978f53e859680955733
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\q9CwLcrCHO6I0oqfD7KNWlZ3vXaMDK.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\kol7pNITM8aY1S11t6U5TLWLUPBjrz.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\q9CwLcrCHO6I0oqfD7KNWlZ3vXaMDK.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\kol7pNITM8aY1S11t6U5TLWLUPBjrz.bat" "