Техническая информация
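Автозапуск: значение в ключе реестра RunOnce текущего пользователя, которое запускает указанный файл при следующем входе в систему:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'AppDomain' = '"%APPDATA%\AppDomain.exe"'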
- '%TEMP%\domain\wdacl.exe'
- '%APPDATA%\AppDomain.exe'
- %TEMP%\nsbD.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsgA.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsr8.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsx12.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsr11.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsmE.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\domain\wdacl.exe
- %TEMP%\nsh2.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\TqvEjYXfBKhJSHCSC
- %TEMP%\nsg6.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsw4.tmp\zpyvYSkdjWXAvCfUv.dll
- %APPDATA%\AppDomain.exe
- %TEMP%\nsmE.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsbD.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsx12.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsr11.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsgA.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsw4.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsh2.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsr8.tmp\zpyvYSkdjWXAvCfUv.dll
- %TEMP%\nsg6.tmp\zpyvYSkdjWXAvCfUv.dll
Сетевые адреса (хост:порт; часть символов в именах скрыта знаками «#»):
- 're#####t87.no-ip.org':8888
- 'ld#####djasd.ddns.net':8888
- 'to####ps7.ddns.net':8888
DNS-запросы (имена в доменах сервисов динамического DNS):
- DNS ASK re#####t87.no-ip.org
- DNS ASK ld#####djasd.ddns.net
- DNS ASK to####ps7.ddns.net