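Техническая информация
Ниже перечислены индикаторы активности образца: запись автозапуска в ключе Run, запускаемые командные строки, файлы в %APPDATA% и %TEMP%, сетевые адреса с портами, URL и класс окна. Файл evx.r3x, несмотря на нестандартное расширение, передаётся в regsvr32 с ключом /s (без вывода сообщений), то есть загружается как DLL при каждом входе пользователя в систему; символы «#» в адресах, по-видимому, — маскировка, оставленная источником.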
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'evx' = 'regsvr32 /s "%APPDATA%\evx.r3x" '
- <SYSTEM32>\regsvr32.exe /s "%APPDATA%\evx.r3x"
- <SYSTEM32>\reg.exe add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v evx /d "regsvr32 /s """%APPDATA%\evx.r3x"""
- %APPDATA%\evx.r3x
- %APPDATA%\id
- %TEMP%\~DFCA1C.tmp
- '20#.#8.147.71':80
- 'localhost':1035
- 20#.#8.147.71/v2/testartt34/infect/inf1/?ch########################################################################
- 20#.#8.147.71/v2/testartt34/evx8.html
- ClassName: 'Indicator' WindowName: ''