Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'explorer' = '%LOCALAPPDATA%\explorer.exe'
- <Текущая директория>\filename.txt
- <Текущая директория>\updater.exe
- %WINDIR%\injector.exe
- %LOCALAPPDATA%\explorer.exe
- %LOCALAPPDATA%\google\chrome\user data\default\history1
- %LOCALAPPDATA%\microsoft\injector.exe_url_am3qkrtwob3s14cxokyqmwxque2d5qhf\1.0.0.0\3h0ikxoy.newcfg
- %LOCALAPPDATA%\log.txt
- %LOCALAPPDATA%\log.txt
- из %LOCALAPPDATA%\microsoft\injector.exe_url_am3qkrtwob3s14cxokyqmwxque2d5qhf\1.0.0.0\3h0ikxoy.newcfg в %LOCALAPPDATA%\microsoft\injector.exe_url_am3qkrtwob3s14cxokyqmwxque2d5qhf\1.0.0.0\user.config
- http://clients3.google.com/generate_204
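- DNS ASK so##o.eu (символы «#» здесь и в записях ниже, по-видимому, заменяют скрытые символы имени хоста, поэтому при сопоставлении с журналами DNS эти записи следует использовать как шаблоны, а не как точные имена)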
- DNS ASK clients3.google.com
- DNS ASK ip##fo.io
- DNS ASK ir#.dal.net
- DNS ASK ir#.##ropnet.org
- DNS ASK ir#.##nastynet.net
- DNS ASK ir#.##berarmy.net
- DNS ASK ir#.##phachat.net
- DNS ASK ir#.#dfnet.net
- DNS ASK ir#.###erthegame.com
- DNS ASK ir#.#litzed.org
- '<Текущая директория>\updater.exe'
- '%WINDIR%\injector.exe'