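Техническая информация
Примечание: в путях ниже SID (S-1-5-21-…-1003) и GUID в каталогах %APPDATA%\Microsoft\Protect и %APPDATA%\Microsoft\Crypto\RSA, по-видимому, относятся к учётной записи системы, на которой проводился анализ; на других машинах эти значения будут иными, поэтому при поиске следов заражения сопоставлять стоит остальные пути, ключи реестра и сетевой адрес. Символы «#» в имени узла — маскировка, присутствующая в исходном описании.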
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{W80U46W4-3T8M-38PV-U301-5C2IOP35F8NS}] 'StubPath' = '%WINDIR%\install\server.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = ''
- '%WINDIR%\install\server.exe'
- '%TEMP%\FileTmp.exe'
- %APPDATA%\logs.dat
- %TEMP%\XX--XX--XX.txt
- %TEMP%\UuU.uUu
- %TEMP%\XxX.xXx
- %WINDIR%\install\server.exe
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\d7c732ba-47c1-49c8-bdbf-a74a1e5476b7
- %TEMP%\FileTmp.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\699c4b9cdebca7aaea5193cae8a50098_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\logs.dat
- %TEMP%\UuU.uUu
- %TEMP%\XxX.xXx
- %TEMP%\XX--XX--XX.txt
- %TEMP%\FileTmp.exe
- 'to#####ombies.no-ip.org':3176
- DNS ASK to#####ombies.no-ip.org