Техническая информация
- Автозапуск при входе пользователя в систему (ключ Run): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'setup' = '%ALLUSERSPROFILE%\Setup64.exe'
- %TEMP%\7zipsfx.000\vdsn.dll
- %TEMP%\7zipsfx.000\txupd.exe
- %TEMP%\7zipsfx.000\dlbs.dll
- %TEMP%\7zipsfx.000\fat32.sys
- %TEMP%\7zipsfx.000\fat32.dll
- %TEMP%\7zipsfx.000\setup64.exe
- %TEMP%\7zipsfx.000\windnsapi.dll
- %TEMP%\fat32.dll
- %TEMP%\rasnsapi.ra
- %TEMP%\rasdlbs.ra
- %TEMP%\rasvdsn.ra
- %ALLUSERSPROFILE%\destro
- %TEMP%\~bb16\c
- %TEMP%\7zipsfx.000\dlbs.dll
- %TEMP%\7zipsfx.000\fat32.dll
- %TEMP%\7zipsfx.000\fat32.sys
- %TEMP%\7zipsfx.000\txupd.exe
- %TEMP%\7zipsfx.000\vdsn.dll
- %TEMP%\7zipsfx.000\windnsapi.dll
- %TEMP%\7zipsfx.000\setup64.exe в %ALLUSERSPROFILE%\setup64.exe
- %TEMP%\fat32.dll в %ALLUSERSPROFILE%\rasapi64.rs (в каталоге назначения файл получает другое имя и расширение)
- %TEMP%\rasnsapi.ra в %ALLUSERSPROFILE%\rasnsapi.ra
- %TEMP%\rasdlbs.ra в %ALLUSERSPROFILE%\rasdlbs.ra
- %TEMP%\rasvdsn.ra в %ALLUSERSPROFILE%\rasvdsn.ra
- %APPDATA%\mozilla\firefox\profiles\gn7ryp3k.default\prefs.js
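- 'ba##u.com':80 (формат «хост:порт»; символ '#' недопустим в имени хоста, то есть имена здесь и ниже приведены в частично скрытом виде)
- '36#.cn':80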
- DNS ASK ba##u.com
- DNS ASK 36#.cn
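- DNS ASK 0.##.#.10.in-addr.arpa (обратный PTR-запрос для адреса из частного диапазона 10.0.0.0/8; вероятно, это адрес среды анализа, а не индикатор компрометации)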
- '%TEMP%\7zipsfx.000\txupd.exe'
- '%ALLUSERSPROFILE%\setup64.exe'