Техническая информация (зафиксированное поведение: запускаемые процессы, создаваемые файлы, сетевые подключения и DNS-запросы, создаваемые окна)
- '%TEMP%\tmp2FD.exe' /s /t /i Yontoo9 /u http://www.ch####wnload.com/index.php /ta
- '%TEMP%\Download_D90F\<Имя вируса>.exe' --elevated
- '<SYSTEM32>\wermgr.exe' -queuereporting
- %TEMP%\<Имя вируса>_001084.log
- %TEMP%\tmp2FD.exe
- %TEMP%\awhA0E.tmp
- %APPDATA%\Roaming\Oxy\config.xml
- %TEMP%\Download_D90F\<Имя вируса>.exe
- %TEMP%\htmlayout.dll
- %TEMP%\awhA0E.tmp → %TEMP%\E9D303A1BD7907154244326ECE7E1D90.ini (временный файл перемещается или переименовывается в .ini; точная операция в отчёте не указана)
- 'www.ch####wnload.com':80
- 'www.fr#####esdownloader.com':80
- www.fr#####esdownloader.com/api/keywordexecute/9d2c79e740be11e3ab77cf6f134e8de9/276700001/<Служебное имя>
- www.fr#####esdownloader.com/api/firstscreenshown/9d2c79e740be11e3ab77cf6f134e8de9/276700001
- www.fr#####esdownloader.com/api/cc
- www.fr#####esdownloader.com/api/Fixed//
- www.ch####wnload.com/name.php
- DNS ASK www.ch####wnload.com
- DNS ASK www.fr#####esdownloader.com
- ClassName: 'CicLoaderWndClass' WindowName: '(null)'
- ClassName: 'OleMainThreadWndClass' WindowName: '(null)'