Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'msconfig' = '<SYSTEM32>\q0qkv.exe'
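- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\currentVersion\image file Execution options\egui.exe] 'Debugger' = 'services.exe' (параметр Debugger в Image File Execution Options подменяет запуск egui.exe — графического интерфейса антивируса ESET, поэтому сам egui.exe не стартует; значения Debugger в этой ветке стоит проверять при расследовании)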
- [<HKLM>\System\CurrentControlSet\Services\vb] 'ImagePath' = '%TEMP%\~119258.ex'
- 'vb' %TEMP%\~119258.ex
- %TEMP%\~119258.ex
- %TEMP%\~119258.exe
- %WINDIR%\syswow64\q0qkv.exe
- %WINDIR%\temp\udd473c.tmp
- %WINDIR%\temp\udd473c.tmp
- %TEMP%\~119258.ex
- DNS ASK tx#.#odxw.com
- ClassName: 'ConsoleWindowClass' WindowName: ''
- '%TEMP%\~119258.exe'
- '%WINDIR%\syswow64\cmd.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe'