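Техническая информация
Записи реестра ниже — точки автозапуска (Winlogon Userinit и Shell, Run, Policies\Explorer\Run, Active Setup StubPath); все они указывают на один и тот же файл, %APPDATA%\appdatax.exe. При очистке значения Userinit и Shell в разделе Winlogon следует возвращать к стандартным, а не удалять.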
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,"%APPDATA%\appdatax.exe",'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'setup' = '%APPDATA%\appdatax.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{8SP70W1B-DAUX-511X-02IK-K32YV8P18736}] 'StubPath' = '"%APPDATA%\appdatax.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'amdsetup' = '%APPDATA%\appdatax.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe "%APPDATA%\appdatax.exe"'
- '%APPDATA%\appdatax.exe'
- %APPDATA%\log.txt
- %APPDATA%\appdatax.exe
- 'pr###.sytes.net':3340
- DNS-запрос (DNS ASK): pr###.sytes.net
- ClassName: 'Indicator' WindowName: ''