Техническая информация
Ключи реестра, используемые для автозапуска (закрепление в системе):
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,"%TEMP%\me.exe"'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'me.exe' = '%TEMP%\me.exe'
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,"%TEMP%\na.exe"'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'na.exe' = '%TEMP%\na.exe'
Файлы в папке автозагрузки пользователя (Startup):
- %APPDATA%\microsoft\windows\start menu\programs\startup\me.exe
- %APPDATA%\microsoft\windows\start menu\programs\startup\na.exe
- '%TEMP%\na.exe'
- '%TEMP%\me.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe
- na.exe
- %TEMP%\na.exe
- %TEMP%\me.exe
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
Сетевая активность (адреса и имя узла частично скрыты символами «#»):
- '17#.#6.14.74':3366
- '19#.#3.213.38':54999
- 'al#####e.publicvm.com':54999
- DNS ASK al#####e.publicvm.com
- '%WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_state.exe'