Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FpVnBSwRAF' = '%APPDATA%\E7fbosJ9\TFCvRNf.exe.lnk'
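- %HOMEPATH%\Start Menu\Programs\Startup\lsass.exe (файл в папке автозагрузки пользователя; имя совпадает с именем системного процесса lsass.exe, который штатно находится в <SYSTEM32>)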
- '%HOMEPATH%\Start Menu\Programs\Startup\lsass.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "FpVnBSwRAF" /t REG_SZ /d "%APPDATA%\E7fbosJ9\TFCvRNf.exe.lnk"
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].htm
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].htm
- %APPDATA%\E7fbosJ9\nJRgqSP
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].htm
- из %APPDATA%\E7fbosJ9\nJRgqSP в %APPDATA%\E7fbosJ9\TFCvRNf.exe
- 'ge####tiingteams.in':80 (часть имени домена скрыта символами #)
- DNS ASK ge####tiingteams.in
- ClassName: 'Indicator' WindowName: '(null)'