Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\GmPnSN] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\fxiubi.exe' = '<SYSTEM32>\fxiubi.exe:*:Enabled:Microsoft (R) Internetal IExplore' (запись добавляет файл в список разрешённых приложений брандмауэра Windows)
- '<SYSTEM32>\fxiubi.exe'
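- '%TEMP%\ЅЙЗГЖЛ°ФЅГЖЗ.exe' (имя файла, по-видимому, искажено при перекодировке; если исходные байты прочитать как CP949, получается «심플팝게시판.exe» — требует проверки)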
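- '%TEMP%\±иЗцЅД ј·ЖД.exe' (имя файла, по-видимому, искажено при перекодировке; если исходные байты прочитать как CP949, получается «김현식 섭파.exe» — требует проверки)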
- <SYSTEM32>\fxiubi.exe
- %TEMP%\ЅЙЗГЖЛ°ФЅГЖЗ.exe
- %TEMP%\±иЗцЅД ј·ЖД.exe
- %TEMP%\±иЗцЅД ј·ЖД.exe
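- 'fi####.no-ip.org':5031 (символы «#», по-видимому, скрывают часть имени узла в исходном отчёте и не входят в настоящее имя)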
- 'ho#####on.raonnet.com':80
- ho#####on.raonnet.com/simplepop/sp_user.php
- DNS ASK fi####.no-ip.org
- DNS ASK ho#####on.raonnet.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'