Техническая информация
- Закрепление в системе через автозапуск (ветка реестра Policies\Explorer\Run): [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'RIW395ALP51CQ9P7I7' = '%ALLUSERSPROFILE%\95U51E7CAK5MH7I3R5\RIW395ALP51CQ9P7I7.exe'
- %ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\riw395alp51cq9p7i7.exe
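- %ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\msedgeupdate.dll (имя совпадает с именем компонента обновления Microsoft Edge, однако расположение в каталоге со случайным именем внутри %ALLUSERSPROFILE% для легитимного файла нетипично; при проверке стоит сверить путь и цифровую подпись)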
- %ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\riw395alp51cq9p7i7.data
- %LOCALAPPDATA%\178bfbff000306e4
- %ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\key
- %TEMP%\z46dhlptdllp96lpt\93xhl.data
- %TEMP%\z46dhlptdllp96lpt\msedgeupdate.dll
- %TEMP%\z46dhlptdllp96lpt\93xhl.exe
- %TEMP%\z46dhlptdllp96lpt\key
- %TEMP%\z46dhlptdllp96lpt\8i5uv9a10qux9173fwrcw0z.exe
- %TEMP%\z46dhlptdllp96lpt\8i5uv9a10qux9173fwrcw0z.data
- %ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\key
- %TEMP%\z46dhlptdllp96lpt\key
- %TEMP%\z46dhlptdllp96lpt\key
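- '12#.#1.239.136':7000 (символы «#» в адресах здесь и ниже, по-видимому, маскируют часть цифр в исходной публикации; для поиска по журналам и блокировки нужен полный адрес из первоисточника)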
- '12#.#1.239.136':3000
- http://12#.##.239.136:7000/6X/client.dll via 12#.#1.239.136
- '12#.#1.239.136':3000
- '%ALLUSERSPROFILE%\95u51e7cak5mh7i3r5\riw395alp51cq9p7i7.exe'
- '%TEMP%\z46dhlptdllp96lpt\93xhl.exe'
- '%TEMP%\z46dhlptdllp96lpt\8i5uv9a10qux9173fwrcw0z.exe'