Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%TEMP%\CrTvBzqFJX\iiVkYnkbQZ,explorer.exe'
- '%TEMP%\XdfwOBgoLE\Unstart.exe'
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v shell /t REG_SZ /d "%TEMP%\CrTvBzqFJX\iiVkYnkbQZ,explorer.exe"
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\c1553495d844186612b146a6cf9ada88_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Proton\KBLogs\KB-1.1.1.log
- %TEMP%\CrTvBzqFJX\9
- %TEMP%\XdfwOBgoLE\Unstart.exe
- %TEMP%\CrTvBzqFJX\9 в %TEMP%\CrTvBzqFJX\iiVkYnkbQZ
- 'si#######odoitnice.myftp.org':1604
- 'pu#####3.ignorelist.com':7776
- DNS ASK si#######odoitnice.myftp.org
- DNS ASK pu#####3.ignorelist.com
- ClassName: 'CicLoaderWndClass' WindowName: ''