Technical information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'FfVsEb8DU04YA' = '%ALLUSERSPROFILE%\CTTWindows\{c58l133m8te27m}\FfVsEb8DU04YA.exe'
- %ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\ffvseb8du04ya.exe
- %ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\ctxmui.dll
- %ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\ffvseb8du04ya.txt
- %LOCALAPPDATA%\178bfbff000406f1
- %ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\key
- 'xd##.selfip.com':8080
- 'xd##.selfip.com':12345
- http://xd##.##lfip.com:8080/9x.dll via xd##.selfip.com
- 'xd##.selfip.com':12345
- DNS ASK xd##.selfip.com
- ClassName: '' WindowName: ''
- '%ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\ffvseb8du04ya.exe'
- '<Full path to file>' 490A300A560A5A0A780A650A6D0A780A6B0A670A4E0A6B0A7E0A6B0A560A490A5E0A5E0A5D0A630A640A6E0A650A7D0A790A560A710A690A3F0A320A660A3B0A390A390A670A320A7E0A6F0A380A3D0A670A770A560A4C0A6C0A5C0A790A4F0A6...' (with hidden window)
- '%ALLUSERSPROFILE%\cttwindows\{c58l133m8te27m}\ffvseb8du04ya.exe' ' (with hidden window)