Техническая информация (Technical information) — behavioral indicators listed below: autorun/persistence entries (registry Run value and Startup-folder `.lnk` files), files created, commands executed, network activity, and window class names looked up. Note that `svchost.exe` and `win.exe` here live in the user profile (`%HOMEPATH%`), not `<SYSTEM32>`; the `svchost.exe` name mimics the legitimate system service host, so match on the full path, not the file name alone. The persistence is established twice: via `reg.exe add ... /v SystemDebugger` and via `xcopy` of `%TEMP%\systemDir.lnk` into both the per-user and all-users Startup folders. The contacted domain is partially masked (`####`) by the report; do not try to reconstruct it or use the masked string as a literal indicator.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystemDebugger' = '%HOMEPATH%\svchost.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\SystemDebugger.lnk
- %HOMEPATH%\Start Menu\Programs\Startup\systemDir.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\systemDir.lnk
- %HOMEPATH%\win.exe
- %HOMEPATH%\svchost.exe
- <SYSTEM32>\wscript.exe "%HOMEPATH%\sysDebug.vbs"
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v SystemDebugger /t REG_SZ /d "%HOMEPATH%\svchost.exe" /f
- <SYSTEM32>\ipconfig.exe /all
- <SYSTEM32>\xcopy.exe "%TEMP%\systemDir.lnk" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" /Y
- <SYSTEM32>\xcopy.exe "%TEMP%\systemDir.lnk" "%HOMEPATH%\Start Menu\Programs\Startup" /Y
- %TEMP%\systemDir.lnk
- %TEMP%\iconfall.log
- %HOMEPATH%\sysDebug.vbs
- %HOMEPATH%\win.exe
- %HOMEPATH%\svchost.exe
- %HOMEPATH%\WMSysPr9.vmx
- %HOMEPATH%\sysDebug.vbs
- %TEMP%\iconfall.log
- 'co####itveedge.org':80
- co####itveedge.org/mean.php
- DNS ASK co####itveedge.org
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''