Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\dclib\ak_33db8088017dd3ba0d1f7d0d6d211cb82b9f06dd.dclib
- C:\media\dclib\antivm.dclib
- C:\media\dclib\antiwindowsdefender.dclib
- C:\media\dclib\as_c07f7472ed0469e66b90bea3f8afee0ab215080e.dclib
- C:\media\8qf00fnppfyfydkzcs2xpqri4oe5ed.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
- http://v1#####.hosted-by-vdsina.ru/amvsp76d7bg918ra28fnsefx677l88r0zewfjii2mxk3w5bz0mfwpoz6ol2x/1m6l3bmhgk19i2jno0d6ed/a81751008e84eaf79cace82b1a76299f34665f9e.php?da#########
- DNS ASK v1#####.hosted-by-vdsina.ru
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\8qf00fNpPFYfYdkzcS2XPqrI4oe5Ed.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\8qf00fNpPFYfYdkzcS2XPqrI4oe5Ed.bat" "
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose