Техническая информация
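Записи реестра (служба XboxUpgradeAgent описана как DLL, загружаемая через svchost.exe; 'Start' = 2 означает автоматический запуск службы):
- [<HKLM>\SYSTEM\ControlSet001\Services\XboxUpgradeAgent\Parameters] 'ServiceDll' = '<SYSTEM32>\xboxcloudstor.dll'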
- [<HKLM>\SYSTEM\ControlSet001\Services\XboxUpgradeAgent] 'ImagePath' = '<SYSTEM32>\svchost.exe -k xboxcloudstorage'
- [<HKLM>\SYSTEM\ControlSet001\Services\XboxUpgradeAgent] 'Start' = '00000002'
Командные строки процессов (приведены в том виде, в каком они даны на странице):
- '<SYSTEM32>\attrib.exe' -s "del /Q /a "s"\*.*
- '<SYSTEM32>\ping.exe' 200.200.200.200 -n 5
- '<SYSTEM32>\svchost.exe' -k xboxcloudstorage
- '<SYSTEM32>\cmd.exe' /c %TEMP%\\autoexec.bat
Пути к файлам:
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\index2[1].php
- %WINDIR%\Temp\327.jpg
- <SYSTEM32>\xboxcloudstor.dll
- %TEMP%\autoexec.bat
Сетевые соединения и запросы:
- '2w######li5tvn6s.onion.to':80
- 'localhost':1037
- http://2w######li5tvn6s.onion.to/index2.php?no########
- DNS ASK 2w######li5tvn6s.onion.to