Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd5ed22ab' = '%APPDATA%\d5ed22ab.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd5ed22a' = 'C:\d5ed22ab\d5ed22ab.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\d5ed22ab.exe
- System updates (Windows Update)
- Security Center
- System Restore component (SR)
- <SYSTEM32>\svchost.exe
- %APPDATA%\d5ed22ab.exe
- C:\d5ed22ab\d5ed22ab.exe
- '<SYSTEM32>\svchost.exe' netsvcs
- '%WINDIR%\explorer.exe'