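Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют; судя по содержимому записей, ниже идут ключи автозапуска в реестре (Run), запускаемые процессы с аргументами, пути к файлам и сетевые обращения. Повторяющиеся пути, вероятно, относятся к разным действиям над одним и тем же файлом. Символы «#» в именах узлов и адресах, по-видимому, — маскировка из исходного отчёта.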
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TaskMgr' = '%APPDATA%\Roaming\Microsoft\taskmgr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'OS.exe' = '"%TEMP%\tmpB70F.tmp.exe"'
- '%TEMP%\temp_JQoXHdXKmc\vbc.exe'
- '%APPDATA%\Roaming\Microsoft\taskmgr.exe'
- '%TEMP%\tmpB70F.tmp.exe' /pq
- '%TEMP%\tmpB70F.tmp.exe' /px
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="TaskMgr" dir=in action=allow program="%APPDATA%\Roaming\Microsoft\taskmgr.exe" enable=yes
- %APPDATA%\Roaming\Microsoft\VrqQE05swafNH
- %APPDATA%\Roaming\Microsoft\taskmgr.exe
- %TEMP%\tmpB70F.tmp.exe
- %TEMP%\temp_JQoXHdXKmc\vbc.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\checkip_dyndns_com[1]
- %APPDATA%\Roaming\Microsoft\taskmgr.exe
- %APPDATA%\Roaming\Microsoft\VrqQE05swafNH
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\checkip_dyndns_com[1]
- 'ch####p.dyndns.com':80
- 'localhost':57715
- ch####p.dyndns.com/
- DNS ASK ch####p.dyndns.com
- '22#.0.0.252':5355