Техническая информация
- [HKLM\System\CurrentControlSet\Services\Remorseful Bunch] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
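- [HKLM\System\CurrentControlSet\Services\Remorseful Bunch] 'ImagePath' = '%APPDATA%\Remorseful Bunch\Remorseful Bunch.exe' (образ службы находится в каталоге профиля пользователя, доступном для записи без прав администратора; для легитимных служб такое расположение нетипично и служит признаком для обнаружения)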
- 'Remorseful Bunch' %APPDATA%\Remorseful Bunch\Remorseful Bunch.exe
- %ALLUSERSPROFILE%\{80ffb65d-92c7-d3c7-80ff-fb65d92cd976}\<Имя файла>.exe
- %APPDATA%\remorseful bunch\remorseful bunch.exe
- %ALLUSERSPROFILE%\{80ffb65d-92c7-d3c7-80ff-fb65d92cd976}\<Имя файла>.dat
- %APPDATA%\remorseful bunch\5bodv.dat
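- 'ce####-ring.link':80 (символы # здесь и ниже, по-видимому, скрывают часть имени узла в опубликованном отчёте; полные значения на странице не приведены)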
- http://ce####-ring.link/?q=######################################################################################################################################################################...
- DNS ASK fi####usapro.info
- DNS ASK ce####-ring.link
- DNS ASK pa###tmodel.biz
- '%APPDATA%\remorseful bunch\remorseful bunch.exe'