Техническая информация
- %WINDIR%\tasks\coolfx.job (файл задания Планировщика задач Windows)
- [<HKLM>\System\CurrentControlSet\Services\Resentful Communication] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Resentful Communication] 'ImagePath' = '%APPDATA%\Resentful Communication\Resentful Communication.exe' (исполняемый файл службы расположен в профиле пользователя, а не в системном каталоге)
- C:\users\clouds~1\appdata\local\temp\wzhjndi.exe
- %APPDATA%\resentful communication\resentful communication.exe
- %ALLUSERSPROFILE%\application data\{91651e6e-08ea-d2e7-9165-51e6e08e79b8}\wzhjndi.exe
- %ALLUSERSPROFILE%\application data\{91651e6e-08ea-d2e7-9165-51e6e08e79b8}\wzhjndi.dat
- %APPDATA%\resentful communication\2xf.dat
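- DNS ASK ge###luesee.com (здесь и в следующих трёх строках символы # не являются частью имени домена: ими, по-видимому, замаскирована часть имени, поэтому строки нельзя использовать для точного сопоставления)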
- DNS ASK al####el-pro.com
- DNS ASK ge####uesee.info
- DNS ASK mo###odel.biz
- ClassName: 'EDIT' WindowName: ''
- 'C:\users\clouds~1\appdata\local\temp\wzhjndi.exe'
- '%APPDATA%\resentful communication\resentful communication.exe'