Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RevCode-5704' = '%APPDATA%\RevCode-5704.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\t9lyC1tZNxz92TY8\DiWFzoNBjTnJ.exe",explorer.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- %ALLUSERSPROFILE%\Application Data\Revcode-4D5AAC09\svchost.exe
- %APPDATA%\t9lyC1tZNxz92TY8\DiWFzoNBjTnJ.exe
- %APPDATA%\t9lyC1tZNxz92TY8\DiWFzoNBjTnJ.exe
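- из %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe в %APPDATA%\RevCode-5704.exe (этот же путь назначения указан в параметре 'RevCode-5704' ключа Run выше; судя по записи, по нему размещается экземпляр штатного vbc.exe, поэтому при проверке стоит учитывать расположение файла и запись автозапуска, а не только сам файл)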
- 'localhost':1040
- 'mi####ke.wm01.to':80
- http://mi####ke.wm01.to/recv3.php
- DNS ASK mi####ke.wm01.to
- '%ALLUSERSPROFILE%\Application Data\Revcode-4D5AAC09\svchost.exe' 2876
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe'