Техническая информация
- %WINDIR%\tasks\viruspreventer.job
- <SYSTEM32>\tasks\viruspreventer
- [<HKLM>\System\CurrentControlSet\Services\Fresh Infancy] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
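- [<HKLM>\System\CurrentControlSet\Services\Fresh Infancy] 'ImagePath' = '%APPDATA%\Fresh Infancy\Fresh Infancy.exe' (исполняемый файл службы расположен в каталоге профиля пользователя, доступном для записи без прав администратора, что нетипично для легитимных служб)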
- 'Fresh Infancy' %APPDATA%\Fresh Infancy\Fresh Infancy.exe
- %ALLUSERSPROFILE%\{1062020b-2467-3a6f-1062-2020b246082c}\<Имя файла>.exe
- %ALLUSERSPROFILE%\{1062020b-2467-3a6f-1062-2020b246082c}\<Имя файла>.dat
- %APPDATA%\fresh infancy\fresh infancy.exe
- %APPDATA%\fresh infancy\j8.dat
- 'al####el-pro.com':80
- 'ri###ynorth.biz':80
- http://ri###ynorth.biz/?q=#######################################################################################################################################################################...
- DNS ASK ri###ynorth.biz
- DNS ASK al####el-pro.com
- '%APPDATA%\fresh infancy\fresh infancy.exe'