Техническая информация
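Записи реестра в ветках автозапуска (Run, Policies\Explorer\Run, Active Setup\Installed Components):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HKCU' = ''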
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{783S38RX-11K3-D4E7-72H2-JW6GI87FKX50}] 'StubPath' = '<DRIVERS>\adv9nt5.dll.exe Restart'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'HKLM' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Policies' = ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Policies' = ''
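Файлы, упомянутые в отчёте (действие над каждым файлом — создание, запуск, удаление или изменение атрибутов — в этом фрагменте не указано; повторяющиеся пути, вероятно, относятся к разным разделам исходного отчёта):
- '<DRIVERS>\adv9nt5.dll.exe'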
- <SYSTEM32>\cscript.exe
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %APPDATA%\logs.dat
- <DRIVERS>\adv9nt5.dll.exe
- %TEMP%\XX--XX--XX.txt
- %APPDATA%\logs.dat
- <DRIVERS>\adv9nt5.dll.exe
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
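Сетевые адреса в формате «узел:порт» (символы # в именах узлов, по-видимому, скрывают часть имени, поэтому для сопоставления по точному имени эти записи непригодны):
- 'he###.no-ip.biz':1300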
- 'hi###.no-ip.biz':82
- 'he###.no-ip.biz':447
- 'he###.no-ip.biz':82
- 'he###.no-ip.biz':288
- 'hi###.no-ip.biz':288
- 'ib#####-305.no-ip.biz':288
- 'ib#####-305.no-ip.biz':447
- 'ib#####-305.no-ip.biz':82
- 'hi###.no-ip.biz':447
- 'hi###.no-ip.biz':1300
- DNS ASK he###.no-ip.biz
- DNS ASK hi###.no-ip.biz
- DNS ASK ib#####-305.no-ip.biz
- ClassName: 'Indicator' WindowName: ''