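Техническая информация
Примечание к списку: подзаголовки разделов, по-видимому, утрачены при извлечении текста. По содержимому строк различимы: параметр реестра в списке разрешённых приложений брандмауэра (AuthorizedApplications\List), командные строки запускаемых процессов, пути к файлам, сетевые узлы с портом 80, URL-адреса, DNS-запросы и класс окна. Символы «#» в именах узлов и адресах, судя по всему, скрывают часть значения, поэтому для точного сопоставления (списки блокировки, поиск по журналам) эти строки в таком виде не подходят; надёжнее опираться на путь <LS_APPDATA>\API32\dllhost86.exe, добавление исключения брандмауэра через netsh и запуск RegSvcs.exe с этим путём в аргументе.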
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<LS_APPDATA>\API32\dllhost86.exe' = '<LS_APPDATA>\API32\dllhost86.exe:...
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe' <LS_APPDATA>\API32\dllhost86.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<LS_APPDATA>\API32\dllhost86.exe" "VVJOWFlNQVYVVJOWFlNQVY"
- '<LS_APPDATA>\API32\dllhost86.exe'
- '<SYSTEM32>\cmd.exe' /c timeout /t 2 && del "<Полный путь к файлу>"
- '<SYSTEM32>\cmd.exe' /c timeout /t 2 && del "<Полный путь к файлу>.config"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- <LS_APPDATA>\API32\dllhost86.exe:Zone.Identifier
- <LS_APPDATA>\API32\dllhost86.exe
- <LS_APPDATA>\API32\dllhost86.exe.config
- <LS_APPDATA>\API32\dllhost86.exe
- '34#####493tj.download':80
- 'do####934yj9j.pw':80
- '3j###g9uj.ws':80
- '39###k3g4ij.ws':80
- '39###k3g4ij.eu':80
- '34#####48huj483u9.pw':80
- 'pa###bin.com':80
- 'wp#d':80
- 'si####j58h6j490.tk':80
- '3j###g94i.cf':80
- 'sd####8434j58.ga':80
- http://34#####493tj.download/
- http://do####934yj9j.pw/
- http://3j###g9uj.ws/
- http://39###k3g4ij.ws/
- http://39###k3g4ij.eu/
- http://34#####48huj483u9.pw/
- http://pa###bin.com/raw/3evyWvZ6
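- http://11#.#11.111.1/wpad.dat via wp#d (запрос wpad.dat, как и узел wp#d в списках узлов и DNS-запросов, похож на автообнаружение прокси WPAD, то есть может быть активностью самой системы, а не образца; требует проверки)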
- http://si####j58h6j490.tk/
- http://3j###g94i.cf/
- http://sd####8434j58.ga/
- DNS ASK 34#####493tj.download
- DNS ASK do####934yj9j.pw
- DNS ASK 3j###g9uj.ws
- DNS ASK 39###k3g4ij.ws
- DNS ASK 39###k3g4ij.eu
- DNS ASK 34#####48huj483u9.pw
- DNS ASK pa###bin.com
- DNS ASK wp#d
- DNS ASK si####j58h6j490.tk
- DNS ASK 3j###g94i.cf
- DNS ASK sd####8434j58.ga
- ClassName: 'Shell_TrayWnd' WindowName: ''