Техническая информация
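- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Enrckwn' = 'C:\Users\Public\nwkcrnE.url' (запись автозапуска в ключе Run текущего пользователя; значение указывает на .url-файл в каталоге C:\Users\Public)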
- %WINDIR%\syswow64\logagent.exe
- C:\users\public\enrckwn.exe
- C:\users\public\nwkcrne.url
- C:\users\public\cdex.bat
- C:\users\public\enrckwno.bat
- C:\users\public\enrckwnt.bat
- C:\users\public\null
- nul
- C:\users\public\cdex.bat
- C:\users\public\enrckwno.bat
- C:\users\public\enrckwnt.bat
- 'on####ve.live.com':443
- 'gy####.#y.files.1drv.com':443
- 'on####ve.live.com':443
- 'gy####.#y.files.1drv.com':443
- DNS ASK on####ve.live.com
- DNS ASK gy####.#y.files.1drv.com
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Enrckwnt.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\logagent.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Enrckwnt.bat" "
- '%WINDIR%\syswow64\cmd.exe' /K C:\Users\Public\EnrckwnO.bat
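- '%WINDIR%\syswow64\net.exe' session (вероятно, проверка наличия прав администратора)
- '%WINDIR%\syswow64\net1.exe' session (net1.exe — дочерний процесс, запускаемый net.exe)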
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" (со скрытым окном; команда добавляет каталог C:\Users в исключения проверки Microsoft Defender)