Техническая информация
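- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'myprogram' = '%APPDATA%\seized.exe' (запись автозапуска: параметр 'myprogram' в ключе Run текущего пользователя запускает seized.exe при каждом входе этого пользователя в систему)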
- seized.exe
- %TEMP%\defector\stowings.y
- %TEMP%\nsj2.tmp\stowings.dll
- %APPDATA%\seized.exe
- %APPDATA%\landing.bmp
- %TEMP%\nsv4.tmp\stowings.dll
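- %TEMP%\nsj2.tmp\stowings.dll (эта и следующая строки повторяют пути, уже перечисленные выше; вероятно, это отдельный список, например удалённых файлов, заголовок которого не сохранился — нужна сверка с исходным отчётом)
- %TEMP%\nsv4.tmp\stowings.dll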
- 'localhost':1037
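- 'me####.vdsinside.com':80 (символы «#» здесь и в следующих строках заменяют часть имени узла и параметров запроса, скрытую в отчёте; при поиске по журналам имя нужно сопоставлять по шаблону, а не как точное значение)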
- http://me####.vdsinside.com/land/USA2.bmp
- http://me####.vdsinside.com/manage/check.php?hw#######################################
- DNS ASK me####.vdsinside.com
- '<Полный путь к файлу>'
- '%APPDATA%\seized.exe'
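- '<SYSTEM32>\cmd.exe' /c ipconfig /release (через cmd.exe вызывается ipconfig с ключом /release, который освобождает полученный по DHCP IPv4-адрес; хост остаётся без сетевой конфигурации до её обновления)
- '<SYSTEM32>\ipconfig.exe' /release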