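Техническая информация
Ниже перечислены артефакты, связанные с образцом: значения реестра, обеспечивающие автозапуск (Winlogon\UserInit и Run), пути к файлам, сетевые адреса в формате «хост:порт», HTTP- и DNS-запросы, а также имена классов окон. Символы «#» в именах доменов — по всей видимости, маскировка, поэтому такие записи нельзя использовать как точные индикаторы. Заголовки подразделов в этом фрагменте не сохранились, поэтому некоторые пути повторяются; вероятно, они относились к разным действиям с одним и тем же файлом.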
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- '%HOMEPATH%\My Documents\MSDCSC\msdcsc.exe'
- '%TEMP%\XP3T7FYP5ZESESVWR5AMRKHIHNZVNQIV..EXE'
- '%TEMP%\NSEGTTG6ZYCGTXLVHSXLP46JCQSKZ9PP..EXE'
- %TEMP%\RazorCryptv2\rc4.exe
- %TEMP%\RazorCryptv2\upx.exe
- %TEMP%\RazorCryptv2\junk.au3
- %TEMP%\RazorCryptv2\AutoItSC.bin
- %TEMP%\RazorCryptv2\SkypeIcon.ico
- %APPDATA%\dclogs\2014-08-22-6.dc
- %TEMP%\RazorCryptv2\net2.exe
- %TEMP%\RazorCryptv2\net4.exe
- %TEMP%\NSEGTTG6ZYCGTXLVHSXLP46JCQSKZ9PP..EXE
- %TEMP%\XP3T7FYP5ZESESVWR5AMRKHIHNZVNQIV..EXE
- %TEMP%\aut1.tmp
- %TEMP%\cun.sse
- %TEMP%\RazorCryptv2\usg.exe
- %TEMP%\RazorCryptv2\1sx.au3
- %HOMEPATH%\My Documents\MSDCSC\msdcsc.exe
- %TEMP%\RazorCryptv2\Aut2Exe.exe
- %TEMP%\aut1.tmp
- 'ra####canner.com':80
- 'localhost':1040
- 'cy#####rm123.zapto.org':1604
- ra####canner.com/razor.php?hw###
- DNS ASK ra####canner.com
- DNS ASK cy#####rm123.zapto.org
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''