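Техническая информация
Примечание: символы «#» в IP-адресе, именах узлов и параметрах URL ниже, по всей видимости, заменяют скрытые символы; такие записи — неполные индикаторы, и точное сопоставление по ним невозможно.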
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ec525f4' = '%APPDATA%\ec525f4.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ec525f' = 'C:\ec525f4\ec525f4.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\ec525f4.exe
- Компонент восстановления системы (SR)
- '%TEMP%\3.tmp'
- '%TEMP%\2.tmp'
- '<SYSTEM32>\svchost.exe' netsvcs
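- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet (команда удаляет все теневые копии томов без запроса подтверждения, то есть уничтожает точки восстановления)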
- '%WINDIR%\explorer.exe'
- '<SYSTEM32>\msiexec.exe'
- <SYSTEM32>\svchost.exe
- C:\ec525f4\ec525f4.exe
- %APPDATA%\ec525f4.exe
- %TEMP%\2.tmp
- %TEMP%\3.tmp
- %TEMP%\2.tmp
- '20#.#6.232.182':80
- 'no##e3.com':80
- 'ab##s.com':80
- 'si###ouse.com':80
- 'ip##ddr.es':80
- 'my####rnalip.com':80
- 'cu###yip.com':80
- http://cu###yip.com/
- http://my####rnalip.com/raw
- http://ip##ddr.es/
- http://ab##s.com/img1.php?k=###############
- http://no##e3.com/img5.php?b=###############
- http://si###ouse.com/img5.php?g=###############
- DNS ASK ye##5.com
- DNS ASK no##e3.com
- DNS ASK bo###adiofm.com
- DNS ASK ab##s.com
- DNS ASK si###ouse.com
- DNS ASK my####rnalip.com
- DNS ASK ip##ddr.es
- DNS ASK up####.microsoft.com (узел в зоне microsoft.com; сам по себе такой запрос не является признаком заражения)
- DNS ASK cu###yip.com
- ClassName: 'Indicator' WindowName: ''