Техническая информация
- Запись автозапуска в реестре: [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'micro' = '%LOCALAPPDATA%\DXILK\h4Dbl.vbe'
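- %WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe (штатный путь утилиты regsvcs.exe из .NET Framework; сам по себе этот путь не является признаком заражения)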
- %LOCALAPPDATA%\dxilk\ynyac
- %LOCALAPPDATA%\dxilk\ilaia
- %LOCALAPPDATA%\dxilk\ymqgix
- %LOCALAPPDATA%\dxilk\jjnjf
- %LOCALAPPDATA%\dxilk\h4dbl.vbe
- %LOCALAPPDATA%\dxilk\blllj.2385e
- %LOCALAPPDATA%\dxilk\qyayf.2052
- %LOCALAPPDATA%\dxilk\ycmrc.1s392
- %LOCALAPPDATA%\dxilk\gxxgv.3jb4
- %LOCALAPPDATA%\dxilk\ppzph.7rd3m
- %LOCALAPPDATA%\dxilk\apmmd.k6g7x
- %LOCALAPPDATA%\dxilk\iisma.90e6
- %LOCALAPPDATA%\dxilk\ekyji.p46sx
- %LOCALAPPDATA%\dxilk\ipsob.exe
- %LOCALAPPDATA%\dxilk\ymesj
- %PROGRAMDATA%\7433cdb324b04dd5e3c3db213381216c7c539baa
- %LOCALAPPDATA%\dxilk\jjnjf
- %PROGRAMDATA%\7433cdb324b04dd5e3c3db213381216c7c539baa
- %LOCALAPPDATA%\dxilk\ipsob.exe
- 'oz####9.duckdns.org':3984 (хост:порт; символы «#», по-видимому, скрывают часть имени в источнике)
- 'te######ies1.duckdns.org':3984 (хост:порт)
- DNS ASK oz####9.duckdns.org
- DNS ASK te######ies1.duckdns.org
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "%LOCALAPPDATA%\DXILK\h4Dbl.vbe"
- '%LOCALAPPDATA%\dxilk\ipsob.exe' %LOCALAPPDATA%\DXILK\JJNJF
- '%LOCALAPPDATA%\dxilk\ipsob.exe' %LOCALAPPDATA%\DXILK\YMESJ
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe'