Техническая информация
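Записи автозапуска в реестре (Active Setup и Run); все четыре указывают на один и тот же файл <SYSTEM32>\EzjpB.exe:
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{BnuOUiuM-krsX-F9zX-Kvpg-SP2KpRk3K7Lb}] 'StubPath' = '<SYSTEM32>\EzjpB.exe'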
- [<HKCU>\Software\Microsoft\Active Setup\Installed Components\{BnuOUiuM-krsX-F9zX-Kvpg-SP2KpRk3K7Lb}] 'StubPath' = '<SYSTEM32>\EzjpB.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'E6sxvA' = '<SYSTEM32>\EzjpB.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GoFfEzj' = '<SYSTEM32>\EzjpB.exe'
Запуск командного файла из %TEMP% через cmd.exe:
- <SYSTEM32>\cmd.exe /c """%TEMP%\IcT1j2Vu5v.bat"" "
Пути к файлам, связанным с образцом:
- <SYSTEM32>\EzjpB.exe
- %TEMP%\IcT1j2Vu5v.bat
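Сетевые адреса (хост:порт). Символы # в именах, по-видимому, скрывают часть домена, поэтому эти записи не годятся для прямого использования в списках блокировки; общим признаком остаётся порт 1605:
- 'gv#.#apto.org':1605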
- 'gv#.#omeip.net':1605
- 'cl###.homeip.net':1605
DNS-запросы к тем же узлам:
- DNS ASK gv#.#apto.org
- DNS ASK gv#.#omeip.net
- DNS ASK cl###.homeip.net
Окна (класс и заголовок; пустой WindowName означает, что заголовок не задан):
- ClassName: 'SysListView32' WindowName: ''
- ClassName: '#32770' WindowName: ''
- ClassName: 'Indicator' WindowName: ''