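Техническая информация
Заголовки подразделов в этой выдержке не сохранились. Судя по содержимому, ниже по порядку перечислены: запись автозапуска в реестре (Active Setup, параметр StubPath), запускаемые командные строки, файлы в каталоге %HOMEPATH%\poison и системных каталогах (часть путей повторяется, что может соответствовать отдельным спискам создаваемых и удаляемых файлов) и сетевое обращение к узлу в домене no-ip.org (порт 8080, DNS-запрос).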
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A4F3BDE-6562-361A-2429-E905462850FB}] 'StubPath' = '%HOMEPATH%\poison\pi.exe'
- %HOMEPATH%\poison\pi.exe *init
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\poison\command13.cmd" "
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\poison\svchost.cmd" "
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\poison\command.cmd" "
- <SYSTEM32>\cmd.exe /c ""%HOMEPATH%\poison\command0.cmd" "
- %WINDIR%\Explorer.EXE
- %HOMEPATH%\poison\pi.exe
- %HOMEPATH%\poison\svchost.cmd
- <DRIVERS>\gmer.sys
- %WINDIR%\mfc.gui.dll
- %WINDIR%\gmer.dll
- %HOMEPATH%\poison\command0.cmd
- %HOMEPATH%\poison\command.cmd
- %HOMEPATH%\poison\gmer.sys
- %HOMEPATH%\poison\mfc.gui.dll
- %HOMEPATH%\poison\gmer.dll
- %HOMEPATH%\poison\command13.cmd
- %HOMEPATH%\poison\command0.cmd
- %HOMEPATH%\poison\command13.cmd
- %HOMEPATH%\poison\svchost.cmd
- %HOMEPATH%\poison\gmer.sys
- %HOMEPATH%\poison\gmer.dll
- %HOMEPATH%\poison\command.cmd
- 'an####e.no-ip.org':8080
- DNS ASK an####e.no-ip.org