Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mupa' = '%LOCALAPPDATA%\Mupa\Mupa.hta'
- %LOCALAPPDATA%\mupa\mupaset.exe
- %LOCALAPPDATA%\mupa\mupa.hta
- %LOCALAPPDATA%\mupa\fuck
- C:\users\public\cde.bat
- C:\users\public\x.bat
- C:\users\public\x.vbs
- C:\users\public\natso.bat
- C:\users\public\propsys.dll
- C:\users\public\fodhelper.exe
- C:\users\public\runex.bat
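- %WINDIR% \system32\fodhelper.exe
- %WINDIR% \system32\propsys.dll (пробел после %WINDIR% в этих двух путях, по-видимому, входит в имя каталога и не является опечаткой: речь идёт об отдельном каталоге, а не о системном %WINDIR%\system32)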
- %APPDATA%\cosp\dos.dt
- C:\users\public\x.bat
- C:\users\public\propsys.dll
- C:\users\public\runex.bat
- C:\users\public\fodhelper.exe
- C:\users\public\natso.bat
- C:\users\public\cde.bat
- C:\users\public\x.vbs
- 'co##ta68.ga':2266
- DNS ASK co##ta70.ga
- DNS ASK co##ta69.ga
- DNS ASK co##ta68.ga
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Natso.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Runex.bat (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Natso.bat
- '%WINDIR%\syswow64\reg.exe' delete hkcu\Environment /v windir /f
- '%WINDIR%\syswow64\reg.exe' add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
- '%WINDIR%\syswow64\schtasks.exe' /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
- '%WINDIR%\syswow64\cmd.exe' /c C:\Users\Public\Runex.bat
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'