Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk (ярлык в папке автозагрузки пользователя)
- <SYSTEM32>\tasks\fd1eae570e9e60858ce0554c11e59601 (файл в каталоге заданий Планировщика задач)
- C:\svcruntime\cgoonqskwl2sielnx83g.exe
- C:\svcruntime\eq3sqzcim6u9k1ekslrvfqktdhygi8.vbs
- C:\svcruntime\fsiqcbvhdegtlkgvy3m9cqpteyw2wr.bat
- C:\svcruntime\pctgrogpptwwxgtb3rn6mfvc0vrxsk.bat
- C:\svcruntime\vmcheck32.dll
- C:\svcruntime\hostperf.exe
- C:\svcruntime\system.vbe
- C:\svcruntime\system.lnk
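- '14#.#54.68.59':80 (сетевой адрес и порт; в таком виде это не корректный IPv4-адрес — символы «#», по-видимому, маскируют часть адреса в источнике)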
- ClassName: 'EDIT' WindowName: ''
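- '%WINDIR%\syswow64\wscript.exe' "C:\svcruntime\eQ3SQZciM6U9k1EKsLRvFqkTdHYgi8.vbs" (тот же путь приведён выше в нижнем регистре; при поиске по индикаторам сравнивать пути без учёта регистра)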
- 'C:\svcruntime\cgoonqskwl2sielnx83g.exe' -p027ddd9602f90ab3139638d3ae6d2dd305d96fc8
- '%WINDIR%\syswow64\wscript.exe' "C:\svcruntime\System.vbe"
- 'C:\svcruntime\hostperf.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\svcruntime\fsIqCBVhdegtLKgVY3m9cQPtEyw2WR.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\svcruntime\pctgRogppTWwxgTB3Rn6MfVC0vRXSk.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\svcruntime\fsIqCBVhdegtLKgVY3m9cQPtEyw2WR.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\svcruntime\pctgRogppTWwxgTB3Rn6MfVC0vRXSk.bat" "