Техническая информация
Записи автозапуска в реестре:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Updatus' = 'C:\Updatus.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nnnQsBfJEXlyIGLarljxils' = '%APPDATA%\DVNTpfoDKOuQZyIGVGxLdIzLaNS.exe'
Запускаемые процессы (командные строки):
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\44dum5b7.cmdline"
Файлы (первый перечень; судя по составу — создаваемые):
- %APPDATA%\DVNTpfoDKOuQZyIGVGxLdIzLaNS.exe
- %TEMP%\44dum5b7.dll
- C:\Updatus.exe
- %TEMP%\RES2.tmp
- %TEMP%\44dum5b7.cmdline
- %TEMP%\44dum5b7.0.vb
- %TEMP%\vbc1.tmp
- %TEMP%\44dum5b7.out
Файлы (второй перечень, только временные файлы компиляции; судя по составу — удаляемые):
- %TEMP%\44dum5b7.0.vb
- %TEMP%\44dum5b7.dll
- %TEMP%\44dum5b7.out
- %TEMP%\RES2.tmp
- %TEMP%\vbc1.tmp
- %TEMP%\44dum5b7.cmdline
Сетевые подключения (хост:порт):
- 'xb####s.no-ip.info':3190
- 'mi###.zapto.org':3190
DNS-запросы:
- DNS ASK xb####s.no-ip.info
- DNS ASK mi###.zapto.org
Окно:
- ClassName: '' WindowName: 'ztsrfrsdhz'