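Техническая информация
(Подзаголовки разделов исходного отчёта в этом тексте не сохранились; некоторые пути ниже повторяются — по-видимому, они входили в разные списки отчёта.)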
Ключи автозапуска в реестре (значения параметров на странице показаны пустыми):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- '%WINDIR%\InstallDir\Server.exe'
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.svr
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.dat
- %WINDIR%\InstallDir\Server.exe
- %TEMP%\nsi8749.tmp\System.dll
- %TEMP%\nst455A.tmp\System.dll
- %TEMP%\nsd4338.tmp\System.dll
- %TEMP%\nopuger.jan
- %TEMP%\hihezaludi.dll
- %TEMP%\fijanarori.dll
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.nfo
- %TEMP%\nsnC542.tmp\System.dll
- %TEMP%\Binicevuzew.dll
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.dat
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.svr
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.nfo
- %WINDIR%\InstallDir\Server.exe
- %TEMP%\nst455A.tmp\System.dll
- %TEMP%\nsd4338.tmp\System.dll
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.nfo
- %TEMP%\nsi8749.tmp\System.dll
- %APPDATA%\Roaming\Microsoft\Windows\aek84B9D\aek84B9D.svr
- %TEMP%\Binicevuzew.dll
- %TEMP%\nsnC542.tmp\System.dll
- %TEMP%\fijanarori.dll
- %TEMP%\nopuger.jan
- %TEMP%\hihezaludi.dll
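Сетевые индикаторы (символы «#» заменяют скрытые части имён узлов; полные имена на странице не приведены):
- 'uz####n.no-ip.biz':5500
- DNS ASK dn#.##ftncsi.com
- DNS ASK uz####n.no-ip.biz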
- ClassName: 'Indicator' WindowName: '(null)'