Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = '%APPDATA%\UpdateService\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- %APPDATA%\updateservice\msg.vbs
- %APPDATA%\updateservice\mos
- %APPDATA%\updateservice\j2psqmpxpdhar9ygjnhpm6wujjdcnn.bat
- %APPDATA%\updateservice\vmcheck32.dll
- %APPDATA%\updateservice\fontreview.exe
- %APPDATA%\updateservice\system.vbe
- %APPDATA%\updateservice\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- %APPDATA%\updateservice\winlog.lnk
- DNS ASK ko###off.xyz
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\UpdateService\System.vbe"
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\UpdateService\msg.vbs"
- '%APPDATA%\updateservice\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\UpdateService\j2PsQMpXpDhAr9ygJnhPm6WUjjdcNN.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%APPDATA%\UpdateService\j2PsQMpXpDhAr9ygJnhPm6WUjjdcNN.bat" "