Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '36cce904' = '%APPDATA%\36cce904\ec69da1d6c.exe'
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\explorer.exe
- %APPDATA%\state.tmp
- %APPDATA%\36cce904\ec69da1d6c.exe
- '18.#.0.1':9
- 'my####rnalip.com':80
- 'cu###yip.com':80
- '17#.#5.193.9':80
- 'localhost':1039
- '12#.31.0.39':9101
- 'ip##ddr.es':80
- http://cu###yip.com/
- http://my####rnalip.com/raw
- http://ip##ddr.es/
- DNS ASK cu###yip.com
- DNS ASK my####rnalip.com
- DNS ASK ip##ddr.es
- ClassName: 'Indicator' WindowName: ''