Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'McW' = '"%APPDATA%\iJbpr\Mecu.exe"'
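- '%APPDATA%\iJbpr\30EL\svchost.exe' --defaults-torrc "torrc-defaults" -f "torrc" DataDirectory "." --quiet (параметры командной строки соответствуют клиенту Tor; файл назван как системный svchost.exe, но запускается из %APPDATA%, а не из %SystemRoot%\System32)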
- '%APPDATA%\iJbpr\Mecu.exe'
- %APPDATA%\iJbpr\30EL\libeay32.dll
- %APPDATA%\iJbpr\30EL\libevent_core-2-0-5.dll
- %APPDATA%\iJbpr\30EL\geoip
- %APPDATA%\iJbpr\30EL\geoip6
- %APPDATA%\iJbpr\30EL\libevent_extra-2-0-5.dll
- %APPDATA%\iJbpr\r3\3T
- %APPDATA%\iJbpr\p3RM\nr42
- %APPDATA%\iJbpr\30EL\libevent-2-0-5.dll
- %APPDATA%\iJbpr\30EL\state.tmp
- %APPDATA%\iJbpr\30EL\zlib1.dll
- %APPDATA%\iJbpr\30EL\libgmp-10.dll
- %APPDATA%\iJbpr\30EL\libssp-0.dll
- %APPDATA%\iJbpr\Mecu.exe
- %APPDATA%\iJbpr\30EL\libgcc_s_sjlj-1.dll
- %APPDATA%\iJbpr\30EL\options
- %APPDATA%\iJbpr\30EL\torrc
- %APPDATA%\iJbpr\30EL\torrc-defaults
- %APPDATA%\iJbpr\30EL\ssleay32.dll
- %APPDATA%\iJbpr\30EL\svchost.exe
- %APPDATA%\iJbpr\p3RM\nr42
- из %APPDATA%\iJbpr\30EL\state.tmp в %APPDATA%\iJbpr\30EL\state (файл перемещён или переименован)
- '86.##.119.88':443
- '62.##0.92.11':9101
- '19#.#3.244.244':443
- '17#.#5.193.9':80
- '91.#21.54.8':9001
- '18.#.0.1':9
- 'localhost':9151
- 'localhost':1039
- '21#.#3.154.33':8443
- '82.##6.54.187':80
- http://82.##6.54.187/mdir/niro_32.zip
- http://82.##6.54.187/5XVVHP10R6LuH6mJsAibr3DEMcW3TPrA5XVVHP10R6LuH6mJsAibr3DEMcW3TPrA/0/0/0/0/55/0:0:0/2/