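Техническая информация
Индикаторы ниже приведены без подзаголовков; по порядку это запись реестра и ярлык в папке автозагрузки, путь к svchost.exe (характер действия на странице не указан), файлы и сетевые обращения. Обозначения в угловых скобках (<HKCU>, <LS_APPDATA>, <SYSTEM32>) — подстановки вместо системных путей и веток реестра, символы «#» — часть значения, скрытая в источнике.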
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = 'regsvr32 /n /i /s "<LS_APPDATA>\amgekai.ajg"'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\ctfmon.lnk
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3bwluau1q5xzszr[1].2nJrEhbr5gIAx4UCMw8oE916dG6lWbrspufcfbS3IXel6ycvudToaOU!
- <LS_APPDATA>\amgekai.ajg
- %ALLUSERSPROFILE%\Application Data\lditlwk.dty
- '3b####u1q5xzszr.com':80
- 3b####u1q5xzszr.com/?p=############################################################################
- DNS ASK 3b####u1q5xzszr.com