Техническая информация
Записи автозапуска в реестре (ключи Run):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Remote Registry Service' = 'repsvc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'dJ3' = '%APPDATA%\repsvc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '0hzbB' = '%APPDATA%\repsvc.exe'
- <SYSTEM32>\repsvc.exe
- <SYSTEM32>\cmd.exe /c """%TEMP%\Dqk0qFCRnn.bat"" "
- %APPDATA%\repsvc.exe
- <SYSTEM32>\repsvc.exe
- %TEMP%\Dqk0qFCRnn.bat
- %APPDATA%\repsvc.exe
- <SYSTEM32>\repsvc.exe
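Сетевые индикаторы (часть имени домена заменена символами ###, поэтому для точного сопоставления запись непригодна):
- 'as###.noneweb.info':9595
- DNS ASK as###.noneweb.info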
- Окно: ClassName: 'Indicator', WindowName: '' (пустой заголовок)