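Техническая информация
Ниже перечислены артефакты из отчёта: точки автозапуска (параметр в ключе реестра Run и ярлыки в папке автозагрузки), пути к файлам, DNS-запросы, параметры окна и командные строки запущенных процессов.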
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\hgrarhapeglnilgkgrwy.exe
- C:\media\ok1mspfg6bmstlrb9lz3wqsotkhgni.vbs
- C:\media\jmsvvo5ayf1gpr2fdkulrxvqypa8pa.bat
- C:\media\jjsj6ndujdgu4unuh8zilafywingq0.bat
- C:\media\vmcheck32.dll
- C:\media\everything-1.4.1.935.x86-setup.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
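- DNS ASK u6###8.onhh.ru
- DNS ASK ip##fo.io
  (символы «#» в именах доменов, по-видимому, скрывают часть имени в исходном отчёте; в таком виде эти значения нельзя использовать как точные индикаторы для блокировки или поиска)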
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\Ok1MSPfG6bmSTLrB9lZ3wQsoTkhgNI.vbs"
- 'C:\media\hgrarhapeglnilgkgrwy.exe' -p251c48aafd7d7cd406459df3ccd738f31464b4a6
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\everything-1.4.1.935.x86-setup.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\JMSVVo5Ayf1gPr2FdKULRXvQyPA8Pa.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\jjSJ6NDUjdGU4unuH8ziLaFyWiNgq0.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\JMSVVo5Ayf1gPr2FdKULRXvQyPA8Pa.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\jjSJ6NDUjdGU4unuH8ziLaFyWiNgq0.bat" "