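Техническая информация
Примечание: символы «#» в IP-адресах и в параметрах запросов — это маска, скрывающая часть значения, поэтому для точного сопоставления (например, в списках блокировки) эти записи в таком виде не годятся. Подписи к группам записей в этом фрагменте не приведены: ниже подряд идут значения реестра, пути к файлам и процессам, сетевые адреса с портами и HTTP-запросы.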
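- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '<LS_APPDATA>\f5a698ed\X' (значение 'Shell' задаёт программу-оболочку, запускаемую при входе пользователя в систему, то есть эта запись обеспечивает автозапуск файла из профиля пользователя)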
- [<HKLM>\SYSTEM\ControlSet001\Services\.afd] 'ImagePath' = '\?'
- <LS_APPDATA>\f5a698ed\X
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- <LS_APPDATA>\f5a698ed\@
- <LS_APPDATA>\f5a698ed\X
- %WINDIR%\$NtUninstallKB37556$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB37556$\4121336045\@
- '17#.#22.131.145':21810
- '18#.#5.152.199':21810
- '62.##.37.152':21810
- '20#.#7.165.53':21810
- '19#.#5.14.182':21810
- '20#.#14.172.251':21810
- '99.##.123.239':21810
- '95.##.37.219':21810
- '15#.#81.166.250':21810
- '64.##.126.73':21810
- '20#.#6.93.132':21810
- '17#.#3.17.24':80
- '41.##3.32.127':21810
- '19#.#64.82.248':21810
- '21#.#16.62.114':21810
- '72.#02.13.6':21810
- '13#.#69.132.7':21810
- 17#.#3.17.24/bad.php?w=#######################
- 17#.#3.17.24/stat2.php?w=###########################################
- 17#.#3.17.24/stat2.php?w=##########################################