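Техническая информация
Ниже перечислены индикаторы из описания образца; заголовки разделов в этой выдержке не сохранились, поэтому тип операции для отдельных строк (создание, удаление, запуск) следует уточнять по исходному отчёту. Символы «#» в доменном имени и в параметрах запросов — маскировка, а не буквальные символы; значение автозапуска 'WindowsDefender' указывает на файл в %APPDATA%, а не на штатный компонент Windows.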
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VirtualAssistXPatcher' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefender' = '%APPDATA%\windefender.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- <SYSTEM32>\wscript.exe "%TEMP%\mcastemp.vbs"
- %TEMP%\dw.log
- %TEMP%\TCrdMain.exe
- %TEMP%\24164.dmp
- <SYSTEM32>\VirtualAssistXPatcher.zgy
- %TEMP%\mcastemp.vbs
- %TEMP%\windefender.exe.jpg
- %TEMP%\mcastemp.vbs
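- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe в %APPDATA%\windefender.exe (слева — исходный путь, справа — целевой; целевой путь совпадает с тем, что прописан в ключах автозапуска Run выше)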
- 'kr####nsoftware.net':80
- kr####nsoftware.net/private/bs//cmd.php?ke############################
- kr####nsoftware.net/private/bs//alive.php?ke##################################################################################
- DNS ASK kr####nsoftware.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''