Техническая информация
- Автозапуск через ключ реестра Run: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Project1' = '%APPDATA%\kdiljc\Project1.exe'
- '%APPDATA%\685.exe'
- '%TEMP%\Svchost.exe'
- '%TEMP%\RarSFX0\JOXali.exe' "KdIlJC"
- '<SYSTEM32>\taskkill.exe' /F /pid (принудительное завершение процесса; значение PID в отчёте не приведено)
- %APPDATA%\kdiljc\JOXali.exe
- %APPDATA%\kdiljc\LsSwgV.txt
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.svr
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.nfo
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.dat
- %APPDATA%\kdiljc\1.txt
- %APPDATA%\kdiljc\2.txt
- %APPDATA%\kdiljc\Project1.exe
- %APPDATA%\kdiljc\KdIlJC
- %APPDATA%\kdiljc\skype.exe
- %TEMP%\RarSFX0\mIchEo.exe
- %TEMP%\LsSwgV.txt
- %TEMP%\RarSFX0\JOXali.exe
- %TEMP%\RarSFX0\KdIlJC
- %TEMP%\RarSFX0\LsSwgV.txt
- %TEMP%\Svchost.exe
- %APPDATA%\685.exe
- %TEMP%\KdIlJC
- %TEMP%\JOXali.exe
- %TEMP%\mIchEo.exe
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.svr
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.dat
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.nfo
- %TEMP%\RarSFX0\LsSwgV.txt
- %TEMP%\RarSFX0\mIchEo.exe
- %TEMP%\RarSFX0\KdIlJC
- %APPDATA%\Microsoft\Windows\BeVFxYeiETCX\BeVFxYeiETCX.svr
- %TEMP%\RarSFX0\JOXali.exe
- 'bi#####ck.loginto.me':1008 (хост:порт; часть символов имени домена в отчёте заменена на «#»)
- DNS ASK cy###-sec.org
- DNS ASK bi#####ck.loginto.me
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)
- ClassName: 'EDIT' WindowName: ''