Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Stuvwx Abcdefgh Jkl] 'Start' = '00000002' (Start=2 is SERVICE_AUTO_START: the service is launched automatically at boot, giving the sample persistence)
- '<SYSTEM32>\yygeym.exe'
- <SYSTEM32>\yygeym.exe
- <SYSTEM32>\Microsoft\Protect\S-1-5-18\User\915eaf90-4f5c-4f90-8286-0f8d04936964
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\5f20925ad2c5776d06c97fc8ee4a524c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-18\549b9b645cadfe6bb4bc69cf363c354c_23ef5514-3059-436f-a4a7-4cefaab20eb1
- 'any':54320
- 'xl.###arkddos.com':54320
- DNS ASK xl.###arkddos.com (DNS query for the domain above; the name is partially masked with '###' in this report, so match on the visible suffix and port 54320 rather than on the exact hostname)