Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PuyYR0E2' = '"%LOCALAPPDATA%\btest\app1.exe" http://109.201.135.121/gsi.php'
- '%WINDIR%\syswow64\taskkill.exe' /f /im app1.exe
- %TEMP%\nsr21b4.tmp\pwgen.dll
- %TEMP%\nsr21b4.tmp\nsexec.dll
- %LOCALAPPDATA%\btest\app1.exe
- %TEMP%\nsr21b4.tmp\nsexec.dll
- %TEMP%\nsr21b4.tmp\pwgen.dll
- http://10#.#01.135.121/gsi.php
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%LOCALAPPDATA%\btest\app1.exe' "http://10#.#01.135.121/gsi.php"
- '%WINDIR%\syswow64\taskkill.exe' /f /im app1.exe (with hidden window)