Техническая информация (Technical information). The list below is a flat dump of behavioural indicators for the sample: autostart entries, files and processes it creates or launches, and network activity. Host names and IP addresses are partially masked with '#', so they cannot be copied into blocklists verbatim. Note that three separate autostart mechanisms (two HKCU\...\Run values and a copy in the Startup folder) all point at the same executable name, so removing only one of them leaves the persistence in place.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd5ed22ab' = '%APPDATA%\d5ed22ab.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd5ed22a' = 'C:\d5ed22ab\d5ed22ab.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\d5ed22ab.exe
- Компонент восстановления системы (SR) — System Restore component. The '<SYSTEM32>\vssadmin.exe Delete Shadows /All /Quiet' invocation listed below removes every Volume Shadow Copy on the host without prompting, which destroys local file-recovery points; this behaviour is typical of ransomware, so responders should assume prior-version recovery is unavailable and rely on offline backups.
- '%TEMP%\3.tmp'
- '%TEMP%\2.tmp'
- '<SYSTEM32>\svchost.exe' netsvcs
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\msiexec.exe'
- <SYSTEM32>\svchost.exe
- C:\d5ed22ab\d5ed22ab.exe
- %APPDATA%\d5ed22ab.exe
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- 'ip##ddr.es':80
- 'my####rnalip.com':80
- '20#.#6.232.182':80
- 'eu##6.com':80
- http://my####rnalip.com/raw
- http://ip##ddr.es/
- http://eu##6.com/system.php
- DNS ASK my####rnalip.com
- DNS ASK cu###yip.com
- DNS ASK ip##ddr.es
- DNS ASK up####.microsoft.com
- DNS ASK eu##6.com
- ClassName: 'Indicator' WindowName: ''