Техническая информация
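- Автозапуск через раздел реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Explorer' = '%APPDATA%\IExplore\svhost.exe' (имя svhost.exe похоже на системное svchost.exe, но файл расположен в профиле пользователя, а не в <SYSTEM32>)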
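- Создаёт задание планировщика с именем WindowsUpdate (ежедневно в 18:00; ключ /f перезаписывает существующее задание с тем же именем): '<SYSTEM32>\schtasks.exe' /create /sc daily /tn WindowsUpdate /tr %APPDATA%\IExplore\aavfgq.exe /st 18:00 /f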
- Запускает пакетный файл через командный интерпретатор: '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\IExplore\main.bat" "
- %APPDATA%\IExplore\conf.txt
- %APPDATA%\IExplore\main.txt
- %APPDATA%\IExplore\123.bak
- %APPDATA%\IExplore\main.txt в %APPDATA%\IExplore\main.bat (main.bat — тот самый файл, который запускается через cmd.exe /c)
- %APPDATA%\IExplore\123.bak в %APPDATA%\IExplore\file.data
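- 'ip##gger.co':80 (символы # в именах узлов, по-видимому, скрывают часть имени в самом источнике; для блокировки и поиска по журналам нужны полные значения)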
- 'le########oney.000webhostapp.com':80
- http://ip##gger.co/1BiR27
- http://le########oney.000webhostapp.com/3.data
- DNS ASK ip##gger.co
- DNS ASK le########oney.000webhostapp.com
- ClassName: 'MS_WINHELP' WindowName: ''