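Техническая информация
Подзаголовки разделов в списке ниже, по-видимому, не сохранились. По содержанию записи делятся на: значения автозапуска в реестре (Active Setup и Run, все указывают на %WINDIR%\sysdat\syscom.exe), пути к файлам, сетевые индикаторы (узел с портом и DNS-запрос; часть имени домена замаскирована символами #), параметры окна (ClassName/WindowName) и пути к исполняемым файлам. Идентификаторы в фигурных скобках лишь имитируют формат GUID: в них есть символы вне диапазона 0–9, A–F. Какое именно действие относится к каждому пути (создание, удаление, запуск), из этого фрагмента установить нельзя.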
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{33NDO42D-P54E-6X03-4202-VG13DCB41B80}] 'StubPath' = '%WINDIR%\sysdat\syscom.exe Restart'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '{A37B65CX-8XL0-WAFB-25UO-58W7IQ3KT17L}' = '%WINDIR%\sysdat\syscom.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '{6F163T4J-6K3N-J5N6-1T66-CRPBJHHE25DO}' = '%WINDIR%\sysdat\syscom.exe'
- %TEMP%\crypted.exe
- %WINDIR%\sysdat\syscom.exe
- %WINDIR%\sysdat\logs.dat
- %WINDIR%\sysdat\plugin.dat
- %WINDIR%\sysdat\logs.dat
- 'localhost':81
- DNS ASK da####on.myftp.biz
- ClassName: 'MS_WINHELP' WindowName: ''
- '%TEMP%\crypted.exe'
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'