Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender Updater' = '%TEMP%\cc3a68ce1dad95ce662e1c51f1568e3a.exe / start'
- %APPDATA%\microsoft\windows\start menu\programs\startup\hetsm.exe.lnk
- '' (downloaded from the Internet)
- '%APPDATA%\9087654356798654.exe'
- 9087654356798654.exe
- %HOMEPATH%\desktop\dashborder_192.bmp
- %HOMEPATH%\desktop\dashborder_96.bmp
- %HOMEPATH%\desktop\fi51.doc
- %APPDATA%\9087654356798654.exe
- %TEMP%\fb_aa66.tmp.exe
- %TEMP%\fb_ad65.tmp.exe
- %TEMP%\cc3a68ce1dad95ce662e1c51f1568e3a.exe
- %TEMP%\info.txt
- %TEMP%\2020-03-23-04-55-screenshot.png
- 'ho##kk.com':80
- http://bi#.ly/33xm3o8
- http://po##it.net/B/9051077.jpg
- http://ho##kk.com/0x//gate.php?hw###################
- http://ho##kk.com/0x//logs.php?hw###################
- http://ho##kk.com/0x//screen.php?hw###################
- DNS ASK bi#.ly
- DNS ASK po##it.net
- DNS ASK ho##kk.com
- '%TEMP%\fb_aa66.tmp.exe'
- '%TEMP%\fb_ad65.tmp.exe'
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding