Техническая информация
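- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = 'regsvr32 /n /i /s "<LS_APPDATA>\qdrjotrn.jvj"' (команда из параметра AutoRun выполняется при каждом запуске cmd.exe от имени этого пользователя; regsvr32 с ключами /n /i /s загружает указанный файл как DLL и вызывает DllInstall без DllRegisterServer и без вывода сообщений)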
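- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ctfmon.lnk (ярлык в папке автозагрузки, общей для всех пользователей; имя ярлыка совпадает с именем штатного компонента Windows ctfmon, поэтому проверять следует не имя, а цель ярлыка)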
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\dx55jy67ca0fr33mql[1]
- <LS_APPDATA>\qdrjotrn.jvj
- %ALLUSERSPROFILE%\Application Data\dyrbmz.vvi
- 'dx#####7ca0fr33mql.com':80
- dx#####7ca0fr33mql.com/?fa#############################################################################
- DNS ASK dx#####7ca0fr33mql.com