Техническая информация
- [<HKCU>\software\microsoft\windows\currentversion\run] 'RucoAIYI.exe' = '%HOMEPATH%\xUkscAQk\RucoAIYI.exe'
- [<HKLM>\software\Wow6432Node\microsoft\windows\currentversion\run] 'ZYoYQMEc.exe' = '%ALLUSERSPROFILE%\VKEAEsso\ZYoYQMEc.exe'
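- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,%ALLUSERSPROFILE%\VKEAEsso\ZYoYQMEc.exe,' (к штатному userinit.exe дописан путь к ZYoYQMEc.exe, поэтому файл запускается при каждом входе пользователя в систему)
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = 'userinit.exe,%ALLUSERSPROFILE%\VKEAEsso\ZYoYQMEc.exe,' (то же изменение в 32-разрядной ветке реестра)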
- [<HKLM>\System\CurrentControlSet\Services\VEAQocoo] 'Start' = '00000002' (тип запуска службы: автоматически)
- [<HKLM>\System\CurrentControlSet\Services\VEAQocoo] 'ImagePath' = '%ALLUSERSPROFILE%\RUEwwQAo\LSEkIAAM.exe'
- Служба 'VEAQocoo': %ALLUSERSPROFILE%\RUEwwQAo\LSEkIAAM.exe
- %HOMEPATH%\xukscaqk\rucoaiyi
- %ALLUSERSPROFILE%\vkeaesso\zyoyqmec
- %HOMEPATH%\xukscaqk\rucoaiyi.exe
- %ALLUSERSPROFILE%\vkeaesso\zyoyqmec.exe
- %ALLUSERSPROFILE%\ruewwqao\lsekiaam.exe
- 'bl##k.io':443
- DNS ASK bl##k.io
- '%HOMEPATH%\xukscaqk\rucoaiyi.exe'
- '%ALLUSERSPROFILE%\vkeaesso\zyoyqmec.exe'
- '%ALLUSERSPROFILE%\ruewwqao\lsekiaam.exe'