Техническая информация
Автозапуск — значения реестра, запускающие файл при входе пользователя в систему:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WsNetup' = '<SYSTEM32>\_xx_ego.dll.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{68635FF7-E1EE-4620-AD89-9B997D8C16DE}] 'StubPath' = '<SYSTEM32>\_xx_ego.dll.exe'
- <SYSTEM32>\_xx_ego.dll.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\_xx_ego.dll.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\NjkyNzQ0NjU4NzA3M.NDc2NjY4NzE3NTM4O
- %TEMP%\aut2.tmp
- %TEMP%\NjkyNzQ0NjU4NzA3M.NDc2NjY4NzE3NTM4O
- %TEMP%\aut1.tmp
Сетевая активность (узел:порт и DNS-запрос; имя узла частично скрыто в источнике):
- 'il#####xx33.no-ip.biz':1337
- DNS ASK il#####xx33.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''