Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'charosk' = '%APPDATA%\cscrst3g\compsc.exe'
- [<HKLM>\System\CurrentControlSet\Services\mobsutou] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\mobsutou] 'ImagePath' = '<SYSTEM32>\mobsutou.exe -s'
- 'mobsutou' <SYSTEM32>\mobsutou.exe -s
- %WINDIR%\explorer.exe
- iexplore.exe
- Процесс iexplore.exe, модуль wininet.dll
- Процесс firefox.exe, модуль nss3.dll
- %APPDATA%\cscrst3g\compsc.exe
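- %WINDIR%\syswow64\mobsutou.exe (по-видимому, тот же файл, что указан в ImagePath службы как <SYSTEM32>\mobsutou.exe: на 64-разрядной Windows обращения 32-разрядных процессов к System32 перенаправляются в SysWOW64, поэтому при проверке стоит искать файл в обоих каталогах)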
- %TEMP%\~4337.tmp
- %TEMP%\~43b5.tmp
- %TEMP%\~454b.tmp
- %TEMP%\~4826.tmp
- %WINDIR%\temp\~495e.tmp
- %TEMP%\~4e13.tmp
- %TEMP%\~4337.tmp
- %TEMP%\~43b5.tmp
- %TEMP%\~454b.tmp
- %WINDIR%\temp\~495e.tmp
- %TEMP%\~4826.tmp
- %TEMP%\~4e13.tmp
- '%APPDATA%\cscrst3g\compsc.exe'
- '%WINDIR%\syswow64\mobsutou.exe' -s
- '%TEMP%\~4337.tmp' 250376 2336 1
- '%TEMP%\~43b5.tmp' 250376 2336 2
- '%TEMP%\~454b.tmp' 250376 2336 2
- '%TEMP%\~4826.tmp' 250376 888 2
- '%WINDIR%\temp\~495e.tmp' 250376 2192 2
- '%TEMP%\~4e13.tmp' 250376 2336 2