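Техническая информация
Заголовки разделов в этой копии не сохранились. Первые семь строк — параметры автозапуска в ключах реестра Run; часть имён (Svchost, Taskhost, sppsvcsw) похожа на имена системных компонентов Windows, но значения указывают на файлы в %TEMP%, %APPDATA% и %ALLUSERSPROFILE%, а не в системном каталоге — это несоответствие удобно использовать как признак при проверке автозапуска. Далее перечислены пути к файлам (два списка), сетевой адрес с портом, DNS-запрос и параметры окна.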
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Svchost' = '%TEMP%\Win32\svchost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '538981119493442' = '%APPDATA%\538981119493442\538981119493442A.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sppsvcsw' = '%APPDATA%\Microsoft\sppsvcsw.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Vhost' = '%ALLUSERSPROFILE%\Documents\Backup\Vhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Taskhost' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Taskhost' = '%ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Vhost' = '%ALLUSERSPROFILE%\Documents\Backup\Vhost.exe'
- %TEMP%\Data\Dcart1.dll
- %APPDATA%\538981119493442\538981119493442A.exe
- %APPDATA%\Microsoft\sppsvcsw.exe
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe
- %ALLUSERSPROFILE%\Documents\Backup\Vhost.exe
- %TEMP%\Win32\svchost.exe
- %APPDATA%\538981119493442\538981119493442A.exe
- %APPDATA%\Microsoft\sppsvcsw.exe
- %TEMP%\Win32\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Taskhost\Taskhost.exe
- %ALLUSERSPROFILE%\Documents\Backup\Vhost.exe
- 'dl.#####oxusercontent.com':443
- DNS ASK dl.#####oxusercontent.com
- ClassName: 'Indicator' WindowName: '(null)'