Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'oJK' = '%ALLUSERSPROFILE%\Start Menu\Programs\Windows Cleaner.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\zL5LWsNJYD.eu.url
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\j.4O
- %APPDATA%\Windows Updater\Screenshots\03-27-2017\12.47 PM
- %TEMP%\aut1.tmp
- %APPDATA%\zL5LWsNJYD\zL5LWsNJYD.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Windows Cleaner.exe
- %TEMP%\aut1.tmp
- 'll###.#hickenkiller.com':5552
- DNS ASK ll###.#hickenkiller.com