Техническая информация
Для обеспечения автозапуска изменяет следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{FLR12C8M-LF2H-OG0P-PX1E-N0TRI513Y10X}] 'StubPath' = '%APPDATA%\WindowDir\window.exe restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%APPDATA%\WindowDir\window.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '%APPDATA%\WindowDir\window.exe'
- <SYSTEM32>\svchost.exe
- A.exe
- %APPDATA%\WindowDir\window.exe
- %TEMP%\window1.exe
- %TEMP%\window2.exe
- %APPDATA%\Microsoft\Windows\aAQZ6qhr.cfg
- %TEMP%\window.exe
- %TEMP%\A.exe
- %TEMP%\JNcm.HU
- %TEMP%\window2.exe
- %TEMP%\window1.exe
- %APPDATA%\Microsoft\Windows\aAQZ6qhr.cfg
- %APPDATA%\Microsoft\Windows\aAQZ6qhr.cfg
- %APPDATA%\Microsoft\Windows\aAQZ6qhr.cfg
Сетевая активность:
- 'su####olm.ddns.net':92
- 'su####olm.ddns.net':2000
- 'localhost':1036
- DNS ASK su####olm.ddns.net
- '%TEMP%\window2.exe'
- '%APPDATA%\WindowDir\window.exe'
- '%TEMP%\window1.exe'
- '%TEMP%\window.exe'
- '%TEMP%\A.exe'
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE'
- '<SYSTEM32>\svchost.exe'