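Техническая информация
(Примечание: подзаголовки разделов в этой выдержке утрачены. Судя по содержанию, строки идут в таком порядке: автозапуск (ключ RunOnce), запускаемые процессы, затронутые файлы, сетевая активность. Повторяющиеся записи (RegSvcs.exe, tmpC34E.tmp), вероятно, относились к разным разделам исходного отчёта. Символ «#» недопустим в DNS-именах, поэтому в именах доменов это, по-видимому, маскировка, применённая источником.)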
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'zzshfklajk' = '%HOMEPATH%\zzshfklajk\fykWz.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\schtasks.exe' /create /f /tn "TCP Service" /xml "%TEMP%\tmpC34E.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- <SYSTEM32>\Tasks\TCP Service
- %APPDATA%\Roaming\FDAAD129-04DF-4089-BB80-174CE725F721\task.dat
- %APPDATA%\Roaming\FDAAD129-04DF-4089-BB80-174CE725F721\run.dat
- %TEMP%\tmpC34E.tmp
- %TEMP%\tmpC34E.tmp
- 'x2#.#o-ip.biz':1604
- DNS ASK dn#.##ftncsi.com
- DNS ASK x2#.#o-ip.biz