Техническая информация
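Записи автозапуска в реестре (все пять значений указывают на один и тот же файл %WINDIR%\windir\xen.exe; в записи Active Setup — с аргументом Restart):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'sundor' = '%WINDIR%\windir\xen.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dorus' = '%WINDIR%\windir\xen.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'vimanos' = '%WINDIR%\windir\xen.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'vimanos' = '%WINDIR%\windir\xen.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5OV0F7LQ-KW5C-8380-2R53-UC1620724SU5}] 'StubPath' = '%WINDIR%\windir\xen.exe Restart'
Идентификатор компонента Active Setup имеет вид GUID, но содержит символы вне диапазона 0–9, A–F, то есть корректным GUID не является; это удобный признак при проверке ветки Installed Components.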
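Файлы, перечисленные на странице (подзаголовки в тексте отсутствуют; logs.dat указан дважды — вероятно, второй раз он относился к другому подзаголовку):
- %TEMP%\server11.exe
- %WINDIR%\windir\xen.exe
- %WINDIR%\windir\logs.dat
- %WINDIR%\windir\plugin.dat
- %WINDIR%\windir\logs.dat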
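- Сетевая активность: DNS-запрос (DNS ASK) к al####11.no-ip.biz — имя в домене сервиса динамического DNS; символы #, по-видимому, скрывают часть имени в самой публикации.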
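Исполняемые файлы, перечисленные отдельно в кавычках (подзаголовок в тексте отсутствует; вероятно, это запускаемые процессы):
- '%TEMP%\server11.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'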