Техническая информация
- [<HKCU>\SYSTEM\CurrentControlSet\Services\C36A74AE] 'ImagePath' = '<SYSTEM32>\4102A806.EXE -d'
- [<HKLM>\SYSTEM\ControlSet001\Services\C36A74AE] 'ImagePath' = '<SYSTEM32>\4102A806.EXE -d'
- [<HKLM>\SYSTEM\ControlSet001\Services\C36A74AE] 'Start' = '00000002'
- '<SYSTEM32>\4102A806.EXE' -d
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\jdjf7ls.dat1
- <SYSTEM32>\sd3dfs.dat
- <SYSTEM32>\4102A806.EXE
- <SYSTEM32>\541BFD9F.DLL
- 'c2.##913.com':80
- 'localhost':1036
- http://c2.##913.com/bad//active.asp?ip################################################################################################################
- http://c2.##913.com/bad//update.txt
- DNS ASK c2.##913.com
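- ClassName: '' WindowName: 'їЁ°НЛ№»щ·ґІЎ¶ѕИнјю 6.0: НЁЦЄ' (байты GBK, отображённые как Windows-1251; в исходной кодировке: '卡巴斯基反病毒软件 6.0: 通知' — «Антивирус Касперского 6.0: Уведомление»)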
- ClassName: 'Shell_TrayWnd' WindowName: ''
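- ClassName: '' WindowName: '?????????????????? 6.0: ????' (символы заголовка, по-видимому, утрачены при перекодировке; исходный текст по этой записи не восстанавливается)
- ClassName: '#32770' WindowName: '????????' (символы заголовка, по-видимому, утрачены при перекодировке; исходный текст по этой записи не восстанавливается)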
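- ClassName: '#32770' WindowName: 'ЅрЙЅ¶ѕ°Ф' (байты GBK, отображённые как Windows-1251; в исходной кодировке: '金山毒霸' — название антивируса Kingsoft)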