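Техническая информация
(Подзаголовки групп в этом фрагменте не сохранились. Судя по формату записей, ниже идут: запускаемые процессы с аргументами, два списка файлов, одна запись с парой путей «… в …» и параметры искомого окна; точное назначение каждого списка следует сверить с исходным отчётом.)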
- '%WINDIR%\Temp\svch0st.exe'
- '<SYSTEM32>\ntvdm.exe' -f -i1
- '<SYSTEM32>\cmd.exe' /c afc9fe2f418b00a0.bat
- %WINDIR%\Temp\crypted.exe
- %TEMP%\aut2.tmp
- %WINDIR%\Temp\Crypt.dll
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\scs3.tmp
- %TEMP%\server.exe
- <SYSTEM32>\GroupPolicy\gpt.ini
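- %WINDIR%\Temp\svchost.exe
- %WINDIR%\Temp\svch0st.exe (имя с нулём вместо буквы «o»; штатный svchost.exe находится в <SYSTEM32>, поэтому оба файла в %WINDIR%\Temp, по-видимому, маскируются под системный процесс)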
- %TEMP%\aut1.tmp
- <Текущая директория>\afc9fe2f418b00a0.bat
- <SYSTEM32>\GroupPolicy\user\Scripts\script.ini
- %TEMP%\server.exe
- %WINDIR%\Temp\scs3.tmp
- %WINDIR%\Temp\scs4.tmp
- %WINDIR%\Temp\crypted.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %WINDIR%\Temp\Crypt.dll
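- из <SYSTEM32>\GroupPolicy\user\Scripts\script.ini в <SYSTEM32>\GroupPolicy\user\Scripts\scripts.ini (scripts.ini — файл, в котором локальная групповая политика описывает сценарии входа и выхода пользователя; его появление или изменение стоит проверять как возможный механизм автозапуска)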
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-b50.b54.390001'