Техническая информация
- Автозапуск через параметр в разделе Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wUK' = '%TEMP%\Adovetmp35943.exe.exe'
- Файл в папке автозагрузки пользователя: %HOMEPATH%\Start Menu\Programs\Startup\RqoMwHdQvZ.eu.url
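Файловые пути (заголовки подразделов в этом тексте не сохранились; повторяющиеся ниже пути, по-видимому, относятся к разным файловым операциям):
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.nfo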
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.dat
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.svr
- %TEMP%\us.0
- %APPDATA%\RqoMwHdQvZ\RqoMwHdQvZ.exe
- %TEMP%\Adovetmp35943.exe.exe
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.svr
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.dat
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.nfo
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.svr
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.nfo
- %TEMP%\aut1.tmp
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.svr
- %APPDATA%\Microsoft\Windows\zUB8dknwC\zUB8dknwC.nfo
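Сетевые адреса в формате 'узел':порт (часть символов в именах узлов заменена знаками «#», поэтому для блокировки или поиска по журналам нужны полные имена из исходного отчёта):
- 'c0######.is-not-certified.com':900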
- 'h1###l3r.click':900
- 'ss####.moneyhome.biz':900
- 'k4#####4.publicvm.com':900
- 'wi####up.16-b.it':900
- DNS ASK c0######.is-not-certified.com
- DNS ASK h1###l3r.click
- DNS ASK ss####.moneyhome.biz
- DNS ASK k4#####4.publicvm.com
- DNS ASK wi####up.16-b.it
- Окно, фигурирующее в отчёте (Shell_TrayWnd — класс окна панели задач Windows): ClassName: 'Shell_TrayWnd' WindowName: ''