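Техническая информация
(Подзаголовки разделов в этом тексте не сохранились. Ниже по порядку идут: запись автозапуска в реестре, пути к исполняемым файлам и процессам, пути к файлам, сетевые адреса и запросы, параметры окна. Повторяющиеся пути, вероятно, относились к разным разделам исходного отчёта.)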
- Автозапуск через раздел реестра Run текущего пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'VN6utIxsJiM' = '<LS_APPDATA>\Microsoft\Windows\tycocuc.exe'
- '<LS_APPDATA>\Microsoft\Windows\tycocuc.exe'
- '<SYSTEM32>\svchost.exe'
- '<LS_APPDATA>\Microsoft\Windows\tycocuc.exe'
- <SYSTEM32>\svchost.exe
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\376BFD73BDD197C5E831FA878443B524E579EF68
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Wh83Wwg+MQUWfx58RCAxJCNRYxY4cGVQJjJpQXkGR0FRbFMwVwNYYgBTH3xIP2EgMh9uFi81bF8wdXgOdVIZEAM5DXBGUVFvFgUUexI7d2M+H28be2F3AXlxc...
- <LS_APPDATA>\Microsoft\Windows\EFS0.TMP
- %TEMP%\gydwwetrp.dll
- <LS_APPDATA>\Microsoft\Windows\tycocuc.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\81a52a36c87cd7376b1128a95d3a649b_23ef5514-3059-436f-a4a7-4cefaab20eb1
- %APPDATA%\Microsoft\Protect\CREDHIST
- C:\System Volume Information\EFS0.LOG
- <LS_APPDATA>\Microsoft\Windows\EFS0.TMP
- %TEMP%\gydwwetrp.dll
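- '66.##.157.85':80 (сетевой адрес и порт; символы ## — по-видимому, намеренно скрытая часть адреса). Путь в первом из URL ниже совпадает с началом имени файла в Temporary Internet Files из списка файлов выше.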
- http://66.##.157.85/Wh83Wwg+MQUWfx58RCAxJCNRYxY4cGVQJjJpQXkGR0FRbFMwVwNYYgBTH3xIP2EgMh9uFi81bF8wdXgOdVIZEAM5DXBGUVFvFgUUexI7d2M+H28be2F3AXlxcUYiHRMMUyJe
- http://66.##.157.85/
- ClassName: 'Indicator' WindowName: ''