Техническая информация
- Запись в ключе автозапуска (закрепление в системе): [<HKCU>\Software\Microsoft\Windows\Currentversion\Run] '{A552C87B-4329-63D3-ABB0-515572180511}' = '%APPDATA%\Cyhiu\awun.exe'
- %WINDIR%\syswow64\cmd.exe
- <SYSTEM32>\conhost.exe
- iexplore.exe
- %APPDATA%\cyhiu\awun.exe
- %TEMP%\pest.txt
- %TEMP%\hdisk.txt
- %TEMP%\tmpc65ed244.bat
- DNS ASK wo##ooco.in
- '%APPDATA%\cyhiu\awun.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\tmpc65ed244.bat" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /ksysteminfo>C:\\Users\\user\\AppData\\Local\\Temp\\pest.txt (вывод systeminfo сохраняется в указанный выше файл %TEMP%\pest.txt)
- '%WINDIR%\syswow64\systeminfo.exe'
- '%WINDIR%\syswow64\cmd.exe' /kdir c:>C:\\Users\\user\\AppData\\Local\\Temp\\HDisk.txt (вывод dir c: сохраняется в указанный выше файл %TEMP%\hdisk.txt)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\tmpc65ed244.bat"