Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bs_ealx' = '%APPDATA%\tealth.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'giailium32' = '%APPDATA%\BRF Data\giaiy64.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run] 'bs_ealx' = '%APPDATA%\tealth.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'bs_ealx' = '%APPDATA%\tealth.exe'
- '%APPDATA%\BRF Data\giaiy64.exe'
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "giailium32" /t REG_SZ /d "%APPDATA%\BRF Data\giaiy64.exe" /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WONVK.bat" "
- '<SYSTEM32>\ipconfig.exe'
- <SYSTEM32>\ipconfig.exe
- %TEMP%\WONVK.txt
- %TEMP%\WONVK.bat
- %APPDATA%\tealth.exe
- %APPDATA%\BRF Data\giaiy64.exe
- %TEMP%\WONVK.txt
- %TEMP%\~DF2664.tmp
- %APPDATA%\BRF Data\giaiy64.exe в %APPDATA%\tealth.exe
- 'cr####.servemp3.com':5146
- DNS ASK cr####.servemp3.com
- ClassName: 'Indicator' WindowName: '(null)'