Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{70KO35N3-UYHD-7TU3-7UXA-4FC4G1A3V5X6}] 'StubPath' = '<SYSTEM32>\system32\WinLogon.exe Restart'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runAPI68' = '"%TEMP%\runAPI35.exe"'
- <SYSTEM32>\system32\WinLogon.exe
- %WINDIR%\Explorer.EXE
- %APPDATA%\cglogs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
- %TEMP%\win28.exe
- %TEMP%\runAPI35.exe
- <SYSTEM32>\system32\WinLogon.exe
- %APPDATA%\cglogs.dat
- %TEMP%\XxX.xXx
- %TEMP%\UuU.uUu
- %TEMP%\XX--XX--XX.txt
- 't2###.sytes.net':29881
- 't2###.zapto.org':19880
- '11#.#11.111.1':19881
- 't2###.sytes.net':29880
- DNS ASK t2###.zapto.org
- DNS ASK t2###.sytes.net
- DNS ASK t2###.zapto.org
- ClassName: 'shell_traywnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''