Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jooquen' = '<SYSTEM32>\buquyr.exe' (автозапуск при входе любого пользователя в систему)
- [<HKLM>\SYSTEM\ControlSet001\Services\y8lirse8deya] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- <SYSTEM32>\mooboudynnur.exe
- %TEMP%\em1c1DMK.txt
- %TEMP%\em1c1DMK.txt
- из <SYSTEM32>\gounniped.exe в <SYSTEM32>\buquyr.exe (конечный файл buquyr.exe — тот же, что указан в параметре 'jooquen' ключа Run)
- из <Полный путь к вирусу> в <SYSTEM32>\gounniped.exe
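- '98.##7.54.237':25 (здесь и далее: порт 25 — SMTP; часть цифр адресов заменена символом '#', поэтому использовать их как точные индикаторы нельзя)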
- '74.##5.113.27':25
- '20#.#91.88.254':25
- '20#.#90.36.85':25
- '65.##.92.136':25
- '76.##.30.116':25
- '65.##.92.152':25
- '76.##.62.116':25
- '65.##.37.120':25
- '20#.#90.54.127':25
- '20#.#5.221.44':25
- '20#.#5.229.27':25
- '74.#.136.65':25
- '67.##5.168.31':25
- '67.##5.168.230':25
- '65.#5.37.72':25
- '74.##5.148.14':25
- '65.##.92.168':25
- '65.##.188.110':25
- '74.##5.148.10':25
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)