Техническая информация
- Автозапуск (ключ Run текущего пользователя, запуск при входе в систему): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VN6utIxsJiM' = '<LS_APPDATA>\Microsoft\Windows\chcwfrc.exe'
- <LS_APPDATA>\Microsoft\Windows\chcwfrc.exe
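- <SYSTEM32>\svchost.exe (штатный системный файл Windows: сам по себе этот путь не является признаком заражения; в каком качестве процесс фигурирует в перечне, на странице не указано)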
- <SYSTEM32>\svchost.exe
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\7995A31BE89452A10573A2609222E3B737B9619D
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\b36ac3e23900b4cc783694b07d68e3f0_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\System Volume Information\EFS0.LOG
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Wh83Wwg+MQUWfx58RCAxJCNRYxY4cGVQJjJpQXkGR0FRbFMwVwNYYgBTH3xIP2EgMh9uFi81bF8wdXgOdVIZEAM5DXBGUVFvFgUUexI7d2M+H28be2F3AXlxcUYiHRMMUyJe[1]
- <LS_APPDATA>\Microsoft\Windows\EFS0.TMP
- %TEMP%\bsggyujla.dll
- <LS_APPDATA>\Microsoft\Windows\chcwfrc.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\229cc92b-9ff1-44bb-8cb2-e26e4141f017
- C:\System Volume Information\EFS0.LOG
- <LS_APPDATA>\Microsoft\Windows\EFS0.TMP
- %TEMP%\bsggyujla.dll
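- '66.##.157.85':80 (часть IP-адреса скрыта символами «##», поэтому строка не годится как точный индикатор для блокировки или поиска)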
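- 66.##.157.85/Wh83Wwg+MQUWfx58RCAxJCNRYxY4cGVQJjJpQXkGR0FRbFMwVwNYYgBTH3xIP2EgMh9uFi81bF8wdXgOdVIZEAM5DXBGUVFvFgUUexI7d2M+H28be2F3AXlxcUYiHRMMUyJe (путь запроса совпадает с именем файла в каталоге Temporary Internet Files\Content.IE5, указанного выше)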
- 66.##.157.85/
- ClassName: 'Indicator' WindowName: ''