Техническая информация
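Точки автозапуска (значения в ключах реестра RunOnce и файл в папке автозагрузки пользователя). Значения RunOnce удаляются системой после срабатывания, поэтому их отсутствие на проверяемой машине не исключает заражения — проверяйте также перечисленные ниже пути к файлам:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'A1334828441' = '"%APPDATA%\A1334828441.exe"'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] 'A1334828441' = '"%APPDATA%\A1334828441.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a1334828441.exe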
Классы окон отладчиков и средств анализа (OllyDbg, DeDe, IDA):
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'TDeDeMainForm', WindowName: ''
- ClassName: 'TIdaWindow', WindowName: ''
- %TEMP%\temp1334828441.bat
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\a1334828441.exe
- %APPDATA%\a1334828441.exe
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\startup\a1334828441.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\a1334828441.exe
- %APPDATA%\a1334828441.exe
- DNS ASK cm##.whhcd.info
- ClassName: 'WinDbgFrameClass', WindowName: ''
- ClassName: 'icu_dbg', WindowName: ''
- ClassName: 'pe-diy', WindowName: ''
- ClassName: '#32770', WindowName: 'Windows Task Manager'
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\temp1334828441.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\temp1334828441.bat" "