Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Framework' = '%ProgramFiles%\uTXoZL.lnk'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\Policies\Explorer\Run] '27469' = '%ProgramFiles%\locals~1\Temp\msccqsft.com'
- %WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe
- %WINDIR%\syswow64\svchost.exe
- %PROGRAMDATA%\utxozl.folder
- %PROGRAMDATA%\utxozl.path
- %TEMP%\autd18f.tmp
- %PROGRAMDATA%\utxozl.exe
- %TEMP%\autd1de.tmp
- %PROGRAMDATA%\utxozl
- %TEMP%\autd1df.tmp
- %TEMP%\name.exe
- %TEMP%\autd3a5.tmp
- %PROGRAMDATA%\utxozl.au3
- %ProgramFiles%\utxozl.backup
- %ProgramFiles%\utxozl.vbs
- %ProgramFiles%\utxozl.lnk
- %ProgramFiles%\locals~1\temp\msccqsft.com
- %ProgramFiles%\qoxthi3x
- %TEMP%\autd18f.tmp
- %TEMP%\autd1de.tmp
- %TEMP%\autd1df.tmp
- %TEMP%\autd3a5.tmp
- %ProgramFiles%\utxozl.vbs
- '<DNS_SERVER>':53
- '%PROGRAMDATA%\utxozl.exe' %PROGRAMDATA%\uTXoZL.au3
- '%WINDIR%\syswow64\wscript.exe' "%ProgramFiles%\uTXoZL.vbs"
- '%TEMP%\name.exe'
- '%PROGRAMDATA%\utxozl.exe' %PROGRAMDATA%\uTXoZL.au3 (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\uTXoZL.vbs (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe'
- '%WINDIR%\syswow64\cmd.exe' /c %ProgramFiles%\uTXoZL.vbs
- '%WINDIR%\syswow64\svchost.exe'