Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fobox(ПµНіЖф¶ЇПо)' = '<SYSTEM32>\Fox\Fox_.exe'
- '<SYSTEM32>\Fox\Fox_.exe'
- '%WINDIR%\Fonts\CK.exe'
- %WINDIR%\Fonts\CK.exe
- <SYSTEM32>\Fox\Fox_.exe
- <SYSTEM32>\Fox\ТСґґЅЁ
- <SYSTEM32>\Fox\Fox_.exe
- C:\РЎ±щ.ini
- <SYSTEM32>\hide.sys
- %WINDIR%\Fonts\CK.exe
- <SYSTEM32>\PastZgRfz.sys
- C:\Pid.ini
- %WINDIR%\Fonts\CK.exe
- <SYSTEM32>\hide.sys
- <SYSTEM32>\PastZgRfz.sys
- 'v9.#phu.com':80
- 'localhost':1037
- v9.#phu.com/kss_api/api.php?a=#######################################################
- DNS ASK v9.#phu.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'CK.exe'