Техническая информация
- %WINDIR%\tasks\clockshock.job (файл задания планировщика Windows, старый формат .job)
- <SYSTEM32>\tasks\clockshock (задание планировщика Windows)
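- [<HKLM>\System\CurrentControlSet\Services\Fresh Band] 'Start' = '00000002' (тип запуска 2 — автоматический запуск службы)
- [<HKLM>\System\CurrentControlSet\Services\Fresh Band] 'ImagePath' = '%APPDATA%\Fresh Band\Fresh Band.exe' (исполняемый файл службы находится в каталоге профиля пользователя)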
- Служба 'Fresh Band': %APPDATA%\Fresh Band\Fresh Band.exe
- %ALLUSERSPROFILE%\{cf300fb1-cc20-b373-cf30-00fb1cc23ec7}\<Имя файла>.exe
- %ALLUSERSPROFILE%\{cf300fb1-cc20-b373-cf30-00fb1cc23ec7}\<Имя файла>.dat
- %APPDATA%\fresh band\fresh band.exe
- %APPDATA%\fresh band\fba00.dat
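- 'pa###tmodel.biz':80 (узел и порт; символы # заменяют часть имени домена)
- 'al####el-pro.com':80 (узел и порт; символы # заменяют часть имени домена)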
- http://pa###tmodel.biz/?q=#######################################################################################################################################################################...
- DNS-запрос (DNS ASK): pa###tmodel.biz
- DNS-запрос (DNS ASK): al####el-pro.com
- '%APPDATA%\fresh band\fresh band.exe'