Техническая информация (в доменных именах и URL ниже часть символов заменена на «#»)
- Автозапуск (ключ реестра Run): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Etcdbbr' = 'C:\Users\Public\Libraries\rbbdctE.url'
- %WINDIR%\explorer.exe
- C:\users\public\libraries\etcdbbr.exe
- C:\users\public\libraries\rbbdcte.url
- 'ra##aris.in':80
- 'de###tohope.com':80
- http://ra##aris.in/HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH/Etcdbbripgqwzbcnxfxtfgepknrumyj
- http://www.de###tohope.com/a2c8/?9r#################################################################################
- DNS ASK ra##aris.in
- DNS ASK de###tohope.com
- DNS ASK cl####eservices.com
- DNS ASK ja##mer.net
- '%WINDIR%\syswow64\logagent.exe'
- '%WINDIR%\syswow64\napstat.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\SysWOW64\logagent.exe"