Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = '%APPDATA%\InstallDir\svhost.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = '%APPDATA%\InstallDir\svhost.exe'
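- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{WA82FSI6-BN73-22QU-QYOY-A6LGHR2D0BMX}] 'StubPath' = '%APPDATA%\InstallDir\svhost.exe restart' (идентификатор компонента содержит не шестнадцатеричные символы, то есть не является корректным GUID)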
- %WINDIR%\syswow64\notepad.exe
- %APPDATA%\microsoft\windows\cmjkma.cfg
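- %APPDATA%\installdir\svhost.exe (имя, по-видимому, имитирует системный svchost.exe; не путать с '%WINDIR%\syswow64\svchost.exe' ниже)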
- %APPDATA%\microsoft\windows\cmjkma.dat
- %APPDATA%\microsoft\windows\cmjkma.cfg
- %APPDATA%\microsoft\windows\cmjkma.dat
- DNS ASK sp####.no-ip.org
- '%WINDIR%\syswow64\svchost.exe'
- '%WINDIR%\syswow64\notepad.exe'