Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk (ярлык в папке автозагрузки пользователя)
- <SYSTEM32>\tasks\d7220d1e07d8caf0b23644d0700c7a3b (файл задания в каталоге планировщика задач)
- C:\reviewwin\lnsijlx8ifcjvaybixqz.exe
- C:\reviewwin\kzpm1yje6iz8hcbgycgektcwwo6iym.vbs
- C:\reviewwin\6njsmuvjnsvzsdwbiqykpnh9fhknjz.bat
- C:\reviewwin\dclib\antivm.dclib
- C:\reviewwin\dclib\antiwindowsdefender.dclib
- C:\reviewwin\bkb3mtwdvjshiu8tugtnhmdnefr7k4.bat
- C:\reviewwin\vmcheck32.dll
- C:\reviewwin\driverperf.exe
- C:\reviewwin\system.vbe
- C:\reviewwin\system.lnk
- http://my#####omen.zzz.com.ua/h5xx0vhn7eg1680b4ixlh2ns1eryiw3mmr4ercfpwkjnn69pys2429k5gixefofc84zmou7/uxf6l650kqv9f5i1upmat81gaeibnhdq4om7lt7ejk/f93c4c9238ac074773c187359fcde06aaeba3b4c.php?ff#...
- DNS ASK (DNS-запрос имени) my#####omen.zzz.com.ua
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\reviewwin\KZpM1yje6iZ8HcBGyCGekTcWwO6iym.vbs"
- 'C:\reviewwin\lnsijlx8ifcjvaybixqz.exe' -pa9d86e88d8261ce7993089389ebfe74581c4b1e3
- '%WINDIR%\syswow64\wscript.exe' "C:\reviewwin\System.vbe"
- 'C:\reviewwin\driverperf.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\reviewwin\6NjsmuVJNSvZSdWbIqYkPnH9FhknjZ.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\reviewwin\BkB3mTWdvjSHIu8tuGtNhmdNefR7K4.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\reviewwin\6NjsmuVJNSvZSdWbIqYkPnH9FhknjZ.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\reviewwin\BkB3mTWdvjSHIu8tuGtNhmdNefR7K4.bat" "