Техническая информация
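Записи автозапуска в реестре (ключи Run и Active Setup; все значения указывают на один и тот же файл %TEMP%\ObOf7.exe):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'T9a3pdj3FuhSU' = '"%TEMP%\ObOf7.exe"'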
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sZaiTDPpT1Ox8' = '"%TEMP%\ObOf7.exe"'
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{5HZMVNHP-29SG-TJCK-EPV3-3NAT7QVUQDER}] 'StubPath' = '"%TEMP%\ObOf7.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{5HZMVNHP-29SG-TJCK-EPV3-3NAT7QVUQDER}] 'StubPath' = '"%TEMP%\ObOf7.exe"'
- <SYSTEM32>\cmd.exe /c """%TEMP%\Aq1L.bat"" "
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\Aq1L.bat
- %TEMP%\%USERNAME%2.txt
- %TEMP%\ObOf7.exe
- %APPDATA%\%USERNAME%log.dat
- %TEMP%\ObOf7.exe
- %TEMP%\%USERNAME%7
- %TEMP%\%USERNAME%8
- %TEMP%\%USERNAME%2.txt
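Сетевая активность (обращение к узлу по порту 2010 и DNS-запрос того же имени; часть имени скрыта символами ####):
- 'bu####ab.no-ip.biz':2010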
- DNS ASK bu####ab.no-ip.biz
- ClassName: 'Indicator' WindowName: ''