Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jsg8jfgfdfhfhf' = '"%TEMP%\winlogun.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jsg8jfgfdfhfhf' = '"%TEMP%\winlogun.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] '{C5AF42A3-94F3-42BD-F634-3604832C897D}' = 'hjse7fw3jnefi7wejfndd'
- <SYSTEM32>\regsvr32.exe /s <SYSTEM32>\gseb37dkjgfgf.dll
- Handler library for all processes: <SYSTEM32>\gseb37dkjgfgf.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\un2[1].php
- %TEMP%\1518676360.exe
- %TEMP%\1545082610.exe
- %TEMP%\1535082610.exe
- %TEMP%\1508676360.exe
- %TEMP%\winlogun.exe
- <SYSTEM32>\gseb37dkjgfgf.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\cd[1].php
- %TEMP%\reag378dkjnkdf.tmp
- 'localhost':1038
- 'je##.name':80
- 'localhost':1035
- je##.name/cd/un2.php?id########################
- je##.name/cd/cd.php?id########################
- DNS ASK je##.name
- ClassName: 'sdflmxcvc904wefodfld' WindowName: 'ghjfhjhf0'
- ClassName: 'Indicator' WindowName: ''