Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'CRNJEUFU' = '<SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Burn\CRNJEUFU" ServiceMain'
- '<SYSTEM32>\rundll32.exe' %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\8DB1CP~1.DLL #1
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Prod.t
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Exit.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Burn\CRNJEUFU.dll
- <Full path to file>
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\8DB1CP_One.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Proe.t
- <Full path to file>
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\JTEVxD.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Prod.t
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Exit.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Proe.t
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\8DB1CP_One.dll to %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\JTEVxD.dll
- 'dt#.dnsd.me':6178
- 'dt#.#atuo.com':6178
- 'dt##.mooo.com':6178
- DNS ASK dt#.dnsd.me
- DNS ASK dt#.#atuo.com
- DNS ASK dt##.mooo.com