Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'emuvajsr' = '"%WINDIR%\yroluwwr.exe"'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings]
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook]
- %PROGRAMDATA%\etejocuqagymaliv\etabiqif
- %WINDIR%\yroluwwr.exe
- %PROGRAMDATA%\etejocuqagymaliv\imabopif
- %PROGRAMDATA%\etejocuqagymaliv\icabogif
- '19#.#3.244.244':443
- '17#.#5.193.9':80
- DNS ASK yg######or.bigcrashcar.net
- DNS ASK ip##ho.net
- DNS ASK my####rnalip.com
- DNS ASK wt###myip.com
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv