Technical information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'kissq' = '%TEMP%\kissq.exe'
- '' (downloaded from the Internet)
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\temp\jieolll.exe
- %TEMP%\jfiag_gg.exe
- %TEMP%\fjgha23_fa.txt
- %TEMP%\kissq.exe
- %TEMP%\temp\id4.exe
- %APPDATA%\mozilla\firefox\profiles\gn7ryp~1.def\cookies.sqlite-shm
- '%TEMP%\temp\jieolll.exe' /subid=450
- '%TEMP%\jfiag_gg.exe' /scookiestxt %TEMP%\fjgha23_fa.txt
- '%TEMP%\temp\id4.exe'
- '%TEMP%\jfiag_gg.exe' /scookiestxt %TEMP%\fjgha23_fa.txt' (with a hidden window)