Техническая информация
- %WINDIR%\tasks\videotime.job (файл задания Планировщика заданий Windows)
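- [<HKLM>\System\CurrentControlSet\Services\Annoyed Life] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [<HKLM>\System\CurrentControlSet\Services\Annoyed Life] 'ImagePath' = '%APPDATA%\Annoyed Life\Annoyed Life.exe' (исполняемый файл службы лежит в каталоге профиля пользователя, доступном на запись без прав администратора, что нетипично для легитимных служб)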
- C:\users\clouds~1\appdata\local\temp\bvsqe.exe
- %TEMP%\s3so.exe
- %APPDATA%\annoyed life\annoyed life.exe
- %ALLUSERSPROFILE%\application data\{ac6b09b7-e706-5fb7-ac6b-b09b7e7026df}\s3so.exe
- %ALLUSERSPROFILE%\application data\{ac6b09b7-e706-5fb7-ac6b-b09b7e7026df}\s3so.dat
- %APPDATA%\annoyed life\juy.dat
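- DNS ASK ri###ynorth.biz (здесь и ниже часть символов в именах доменов заменена на «#»; полные имена на странице не приведены, поэтому для поиска в журналах DNS эти строки годятся только как шаблон)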
- DNS ASK al####el-pro.com
- DNS ASK gr###model.biz
- DNS ASK pa###tmodel.biz
- ClassName: 'EDIT' WindowName: ''
- 'C:\users\clouds~1\appdata\local\temp\bvsqe.exe'
- '%TEMP%\s3so.exe'
- '%APPDATA%\annoyed life\annoyed life.exe'
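- '<SYSTEM32>\cmd.exe' /c %TEMP%\s3so.exe (запуск исполняемого файла из %TEMP% через cmd.exe — признак, пригодный для правил обнаружения по событиям создания процессов)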