Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'jenuxasbrb' = '%APPDATA%\Roaming\Microsoft\dwi.vbs' (автозапуск: значение в RunOnce запускает dwi.vbs при следующем входе пользователя в систему)
- '%APPDATA%\Roaming\BitTorrent.exe'
- '<SYSTEM32>\reg.exe' ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v jenuxasbrb /d "%APPDATA%\Roaming\Microsoft\dwi.vbs"
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Roaming\Microsoft\dwi.vbs"
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\Roaming\Microsoft\Protect\S-1-5-21-2832440558-3064306045-1455513625-1000\2fc01b91-f8ec-4b88-a07e-03ca5172c090
- %APPDATA%\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2832440558-3064306045-1455513625-1000\9d1627c087e30ee6fe8c9cce3c77e841_97c09787-6498-4b10-8f65-9471d842c55e
- %APPDATA%\Roaming\tdwbtqeghe.bat
- %TEMP%\uttFD80.tmp
- %APPDATA%\Roaming\BitTorrent.exe
- %APPDATA%\Roaming\Microsoft\dwi.vbs
- <SYSTEM32>\GroupPolicy\gpt.ini
- %TEMP%\uttFD80.tmp
- DNS ASK ro####.utorrent.com
- DNS ASK go#####ervice.no-ip.org
- DNS ASK ro####.bittorrent.com
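- DNS ASK ct###.#indowsupdate.com
- DNS ASK dn#.##ftncsi.com (имена в списке частично замаскированы символами «#»; два последних запроса, судя по видимой части имён, вероятно, относятся к штатным службам Windows и сами по себе не являются индикатором заражения)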
- ClassName: 'Shell_TrayWnd' WindowName: ''