Техническая информация
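- <SYSTEM32>\tasks\svchost (каталог заданий планировщика Windows; имя файла совпадает с задачей «svchost», которую создают команды schtasks ниже)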
- C:\netdll\gl03uyoxppoeksepgctkkfdevvyqzf.bat
- C:\netdll\intoref.exe
- C:\netdll\5vu7j8ftbzp8pwqieqr2zeno06ivms.vbe
- %WINDIR%\panther\setup.exe\svchost.exe (в этом пути setup.exe — имя каталога, а не файла)
- %TEMP%\cb29eefdb739a9e4428fcfdd13c3cadf
- %ProgramFiles%\gg\svchost.exe
- http://80.##.194.177/tczkep216tj1b01zd4tt5kfqpu1o5he42sg3fpdquzh2bmy3lwj7ahhg8vivuye2vpa9r/9k8au94k7tjocg2m5mwfeds8bqyivu9e76ijfsjtxxl84c7uyec/abfbb768b2cf1a61fa2571aee862f3006b843231.php?a3###...
- http://80.##.194.177/tczkep216tj1b01zd4tt5kfqpu1o5he42sg3fpdquzh2bmy3lwj7ahhg8vivuye2vpa9r/9k8au94k7tjocg2m5mwfeds8bqyivu9e76ijfsjtxxl84c7uyec/abfbb768b2cf1a61fa2571aee862f3006b843231.php?5e###...
- http://80.##.194.177/tczkep216tj1b01zd4tt5kfqpu1o5he42sg3fpdquzh2bmy3lwj7ahhg8vivuye2vpa9r/9k8au94k7tjocg2m5mwfeds8bqyivu9e76ijfsjtxxl84c7uyec/wyq4npaj9egemqkq5ddkw93l6/698ec7f24eaf12338eed5ca1...
- DNS-запрос (DNS ASK): ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\netdll\5vU7J8FtbZP8PWQIEQr2zENO06iVMS.vbe"
- 'C:\netdll\intoref.exe'
- '%ProgramFiles%\gg\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\netdll\Gl03uyOXpPoEKSePgctkkFDeVVyqzf.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\netdll\Gl03uyOXpPoEKSePgctkkFDeVVyqzf.bat" "
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "'%WINDIR%\Panther\setup.exe\svchost.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "svchost" /sc ONLOGON /tr "'%ProgramFiles%\gg\svchost.exe'" /rl HIGHEST /f