Техническая информация
Закрепление в системе — записи автозапуска в реестре (ключ Run в HKCU и параметр StubPath в Active Setup в HKLM):
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'Microsft@operati' = '%APPDATA%\Onedrivel\Prevhostwin10.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{I428F72B-17T1-3YB6-KVXD-ED316JPXN378}] 'StubPath' = '"%APPDATA%\Onedrivel\Prevhostwin10.exe"'
- prevhostwin10.exe
- %TEMP%\autd118.tmp
- %APPDATA%\prevhosti32.exe
- %TEMP%\autd213.tmp
- %APPDATA%\onedrivel\prevhostwin10.exe
- %TEMP%\autd118.tmp
- %TEMP%\autd213.tmp
Сетевые индикаторы — хосты с номером порта и DNS-запросы (имена частично скрыты символами «#»):
- 'te####ewer.ddns.net':3360
- 'lo###.#able-modem.org':3360
- DNS ASK te####ewer.ddns.net
- DNS ASK lo###.#able-modem.org
- '%APPDATA%\prevhosti32.exe'
- '%APPDATA%\onedrivel\prevhostwin10.exe'