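Техническая информация
Примечание: заголовки разделов в этом списке не сохранились. Судя по содержимому, ниже последовательно перечислены: файл в папке автозагрузки (Startup), создаваемые файлы, удаляемые файлы (повторно указанные пути в %TEMP%), перемещаемые файлы (записи вида «X в Y»), сетевой адрес, искомое окно и запускаемые процессы.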
- %APPDATA%\microsoft\windows\start menu\programs\startup\hook.lnk
- %TEMP%\ixp000.tmp\cyggcc~1.dll
- %TEMP%\ixp000.tmp\cygstd~1.dll
- %TEMP%\ixp000.tmp\cygwin1.dll
- %TEMP%\ixp000.tmp\hook.exe
- %TEMP%\ixp000.tmp\setup.bat
- %WINDIR%64\cyggcc~1.dll
- %WINDIR%64\cygstd~1.dll
- %WINDIR%64\cygwin1.dll
- %WINDIR%64\hook.exe
- %WINDIR%64\setup.bat
- %TEMP%\23534-15258-23537-12164.vbs
- %WINDIR%64\euulpfinox-client-ev.sys
- %WINDIR%64\euulpfinox-client1.sys
- %TEMP%\23534-15258-23537-12164.vbs
- %TEMP%\ixp000.tmp\setup.bat
- %TEMP%\ixp000.tmp\hook.exe
- %TEMP%\ixp000.tmp\cygwin1.dll
- %TEMP%\ixp000.tmp\cygstd~1.dll
- %TEMP%\ixp000.tmp\cyggcc~1.dll
- %WINDIR%64\cyggcc~1.dll в %WINDIR%64\cyggcc_s-seh-1.dll
- %WINDIR%64\cygstd~1.dll в %WINDIR%64\cygstdc++-6.dll
- '51.##.122.43':8080 (второй октет адреса замаскирован в источнике)
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '<SYSTEM32>\cscript.exe' /nologo "%TEMP%\23534-15258-23537-12164.vbs"
- '%WINDIR%64\hook.exe'
- '<SYSTEM32>\cmd.exe' /c setup.bat (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c setup.bat
- '<SYSTEM32>\setx.exe' HookEnv "%WINDIR%64"
- '<SYSTEM32>\cmd.exe' /c reg query "HKCU\Environment" /v PATH | findstr /i path
- '<SYSTEM32>\reg.exe' query "HKCU\Environment" /v PATH
- '<SYSTEM32>\findstr.exe' /i path
- '<SYSTEM32>\setx.exe' PATH %WINDIR%64;