Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SetSysLog' = '"%APPDATA%\SetSysLog32.exe"' — параметр в ключе Run запускает SetSysLog32.exe при каждом входе этого пользователя в систему
- %TEMP%\7ZipSfx.000\Cli.exe /S
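- <SYSTEM32>\sc.exe stop wscsvc — остановка службы wscsvc («Центр обеспечения безопасности» Windows)
- <SYSTEM32>\sc.exe stop SharedAccess — остановка службы SharedAccess (в Windows XP — «Брандмауэр Windows/Общий доступ к Интернету (ICS)»)
- <SYSTEM32>\sc.exe config SharedAccess start= disabled — тип запуска «Отключена»: служба не запустится и после перезагрузки
- <SYSTEM32>\cmd.exe /c WSH.bat
- <SYSTEM32>\sc.exe config wscsvc start= disabled — то же для wscsvc; при разборе инцидента стоит проверить состояние и тип запуска обеих служб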
- %APPDATA%\SetSysLog32.exe
- %APPDATA%\AesLib.dcu
- %APPDATA%\EftGlobal.dcu
- %TEMP%\7ZipSfx.000\WSH.bat
- %TEMP%\7ZipSfx.000\AesLib.dcu
- %TEMP%\7ZipSfx.000\EftGlobal.dcu
- %TEMP%\7ZipSfx.000\Cli.exe
- '17#.#.221.155':64535 — сетевой адрес и порт; часть адреса заменена символами «#», поэтому как индикатор он неполон
- ClassName: '' WindowName: 'Windows Task Manager'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''