Техническая информация
- [<HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'WINDOWS' = '%WINDIR%\cpt.exe'
- [\REGISTRY\USER\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN] 'WINDOWS' = '%WINDIR%\SysWOW64\SB360.exe'
- [<HKLM>\System\CurrentControlSet\Services\Fghijk Mnopqrst Vwx] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Fghijk Mnopqrst Vwx] 'ImagePath' = '<SYSTEM32>\SB360.exe'
- cpt.exe
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- %WINDIR%\cpt.exe
- %WINDIR%\gif.png
- %WINDIR%\soundbox.dll
- C:\5024.vbs
- C:\5024.vbs
- из %WINDIR%\cpt.exe в %WINDIR%\syswow64\sb360.exe
- ClassName: '18467-41', WindowName: ''
- '%WINDIR%\cpt.exe'
- '%WINDIR%\syswow64\sb360.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\5024.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\5024.vbs" (со скрытым окном)