Техническая информация
- <SYSTEM32>\tasks\nvngxupdatecheckdaily_{b7eefc42-fc42-fc42-fc42-b7eefc42fc42}
- %WINDIR%\explorer.exe
- %TEMP%\ead1.tmp
- %APPDATA%\hcjwdww
- %APPDATA%\duvajth
- %APPDATA%\hcjwdww
- %APPDATA%\duvajth
- %TEMP%\ead1.tmp
- %TEMP%\ead1.tmp
- 'ma###ost.host':80
- http://ma###ost.host/index.php
- DNS ASK ma###ost.host
- DNS ASK re###host.host
- ClassName: 'CicLoaderWndClass' WindowName: ''
- '%APPDATA%\hcjwdww'
- '<SYSTEM32>\regsvr32.exe' /s /n /u /i:"%APPDATA%\duvajth" scrobj (со скрытым окном; такая командная строка соответствует запуску скриптлета через regsvr32 — MITRE ATT&CK T1218.010)
- '<SYSTEM32>\taskeng.exe' {1BDF91A8-AB7F-455D-BE62-FCC6E31E369F} S-1-5-21-1960123792-2022915161-3775307078-1001:vibmunfy\user:Interactive:[1]
- '<SYSTEM32>\regsvr32.exe' /s /n /u /i:"%APPDATA%\duvajth" scrobj