Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\uqdotkn35omt2sopcyay.exe
- C:\media\eba8uuncq5ofqtka7ozyx3i9yiv5cw.vbs
- C:\media\xnqedlkzpt0npysvxd0y3jgzrp1wwr.bat
- C:\media\pdzl4zarbv15g4jvo6lyb5pmaxytci.bat
- C:\media\vmcheck32.dll
- C:\media\dllhost.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
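- DNS ASK vk##oup.tk (DNS-запрос; символы «##», по-видимому, скрывают часть имени домена в отчёте, поэтому для точного сопоставления в журналах DNS эта запись в таком виде непригодна)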
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\EBA8uUNcQ5oFqtka7ozYX3i9YIv5cw.vbs"
- 'C:\media\uqdotkn35omt2sopcyay.exe' -pa6e09fd0fa6dc771cb570513bb2f1daa351ada54
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\dllhost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\XNQedLKzPt0npySvXD0Y3JgZRp1wwR.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\pdzL4ZARBV15G4jVO6lYb5pmaxYTCi.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\XNQedLKzPt0npySvXD0Y3JgZRp1wwR.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\pdzL4ZARBV15G4jVO6lYb5pmaxYTCi.bat" "